For those who arrived directly at this post, I'd strongly suggest reading the following in sequence to gain context

Broken or deprecated ciphers typically have known weaknesses. An attacker might be able to brute-force the secret key used for the encryption, putting the confidentiality and integrity of the encrypted information at risk.

DES, 3DES, MD4, MD5 and SHA-1 are not considered strong algorithms for modern applications (DES and 3DES are block ciphers; MD4, MD5 and SHA-1 are hash functions). NIST currently recommends the AES block cipher instead.

Several companies, such as Ixigo and PetFlow, used the old and outdated MD5 hashing algorithm to scramble passwords, and MD5 hashes are easy to unscramble these days.

Some would argue that this incident cannot be qualified as a business logic flaw. However, if user passwords are stored securely using a hash function that is specifically designed for passwords and is also designed to be slow, a hacker will not be able to take over breached accounts.

Can we quickly verify that none of the applications in our organization is using any of these cipher schemes?

Execute the following commands in the Ocular shell:

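{
// Source: string literals that name a weak algorithm or mode
val source = cpg.method.literal.code("\"(DES|MD4|MD5|RC4|RC2|Blowfish|SHA-1|ECB)\"")
// Sink: parameters of any method whose full name contains doFinal
val sink = cpg.method.fullName(".*doFinal.*").parameter
// Print every data flow from a weak-algorithm literal to a doFinal call
sink.reachableBy(source).flows.p
}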

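{
// Source: the value returned by doFinal (encrypted or decrypted bytes)
val source = cpg.method.fullName(".*doFinal.*").methodReturn
// Sink: parameters of logging methods; globals.javaLogger is not defined in this post
val sink = cpg.method.fullName(globals.javaLogger).parameter
// Print every data flow from a doFinal result into a logger
sink.reachableBy(source).flows.p
}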
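
For reference, the Java shapes these two queries are written to surface, next to a corrected encryption routine. This is an added example, not code from the original post or from Ocular. The class and method names are hypothetical, the input is constructed, and it assumes `globals.javaLogger` covers `java.util.logging.Logger` methods.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.logging.Logger;

public class CipherFlowExample { // hypothetical class, constructed for illustration
    private static final Logger LOG = Logger.getLogger("example");

    // Shape targeted by the first query: the literal "DES" selects the cipher that runs doFinal().
    static byte[] weakEncrypt(SecretKey desKey, byte[] plain) throws Exception {
        Cipher c = Cipher.getInstance("DES"); // SunJCE resolves this to DES/ECB/PKCS5Padding
        c.init(Cipher.ENCRYPT_MODE, desKey);
        return c.doFinal(plain);
    }

    // Shape targeted by the second query: the value returned by doFinal() is passed to a logger.
    static void leakyDecrypt(SecretKey desKey, byte[] ct) throws Exception {
        Cipher c = Cipher.getInstance("DES");
        c.init(Cipher.DECRYPT_MODE, desKey);
        LOG.info("decrypted: " + new String(c.doFinal(ct), StandardCharsets.UTF_8));
    }

    // Corrected form: AES-GCM with a fresh random 12-byte IV, and no logging of the result.
    static byte[] strongEncrypt(SecretKey aesKey, byte[] plain) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, aesKey, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out; // layout: IV || ciphertext || 16-byte authentication tag
    }

    public static void main(String[] args) throws Exception {
        byte[] msg = "constructed sample".getBytes(StandardCharsets.UTF_8);
        SecretKey des = KeyGenerator.getInstance("DES").generateKey();
        KeyGenerator aesGen = KeyGenerator.getInstance("AES");
        aesGen.init(256);
        leakyDecrypt(des, weakEncrypt(des, msg));
        byte[] sealed = strongEncrypt(aesGen.generateKey(), msg);
        System.out.println("AES-GCM output bytes: " + sealed.length);
    }
}
```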