Weak Hashing Algorithm Used

Summary : During analysis, it was observed that the application supported weak hashing API’s like MD5 and SHA1.

OWASP Category: M5: 2016 Insufficient Cryptography

Severity :   Low  

Complexity : Easy 

From : Remote / External

Steps to Reproduce:

Proof of Concept : Attached in the Video

Impact : The use of a weak hashing algorithm is a risk which can result in the exposure of sensitive information. The use of weak hashing algorithm and function is dangerous because a determined attacker may be able to break the algorithm and compromise whatever data has been protected. Well-known techniques may exist to break the algorithm.
Affected Path: Entire Application

Recommendations : It is recommended that the application should implement a strong hashing API like SHA-256 or SHA-512 since these hashing algorithms have been found to be secure against common hashing attacks.
 
References : 
https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography

Proof of Concept :