The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.Attacker may be able to break the algorithm and compromise whatever data has been protected that may result in the exposure of sensitive information.
1.Do not develop custom or private cryptographic algorithms.
2.Ensure that you use a strong, modern cryptographic algorithm.
Use at least AES-128 or RSA-2048. For more information refer: http://wiki.scap.org.cn/cwe/en/definition/327
ex : $sha1Sum = sha1($contents);
$cacheKey = sha1($routePath . $this->serializer->serialize($cachedParams));
if (!isset($this->cacheUrl[$cacheKey])) { $this->cacheUrl[$cacheKey] = $this->getUrlModifier()->execute( $this->createUrl($routePath, $routeParams) ); }
in vendor\magento\framework\Url.php (Line:870) file, SHA1 used. We can use the modern crypto algorithm.
CWE Code : CWE-327