SHA-1 is a cryptographic hash function that takes input data and produces a 160-bit hash value, also called a message digest. In 2005, SHA-1 was no longer considered secure against expert attacks, and it was then replaced by SHA-2 and SHA-3. An attacker can perform collision attacks on the SHA-1 function. Many servers use the SHA-1 algorithm to compute session hashes. The attacker can easily crack these hash values using real-world collision attacks. Many of the latest web browsers, such as Chrome, Firefox and Safari, have blocked the use of SHA-1 for encryption. A collision attack exploits a flaw in the hash function through which two different inputs can have the same hash value. The attacker can use this flaw to get sensitive information about the server.
The following code is an example of a SHA function.
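An added example, not code from the original page: it shows a 160-bit SHA-1 session digest beside a hardened helper that only accepts SHA-2 and SHA-3, plus a check that flags stored digests of SHA-1 length. The function names, the allow-list and the sample session string are assumptions made for this illustration.

```python
import hashlib
import hmac

# Assumption: SHA-2 and SHA-3 variants are the permitted replacements for SHA-1.
ALLOWED = {"sha256", "sha512", "sha3_256"}

# Constructed sample input, not real session data.
SAMPLE = b"session-id=constructed-example"


def legacy_sha1_digest(data: bytes) -> str:
    """Weak form: 160-bit SHA-1 digest, kept only for comparison."""
    return hashlib.sha1(data).hexdigest()


def session_digest(data: bytes, algorithm: str = "sha256") -> str:
    """Hardened form: reject any algorithm outside the allow-list."""
    name = algorithm.lower()
    if name not in ALLOWED:
        raise ValueError(f"hash algorithm not permitted: {algorithm}")
    return hashlib.new(name, data).hexdigest()


def verify(data: bytes, expected_hex: str, algorithm: str = "sha256") -> bool:
    """Recompute the digest and compare it in constant time."""
    return hmac.compare_digest(session_digest(data, algorithm), expected_hex)


def find_sha1_length_digests(records: dict) -> list:
    """Flag stored hex digests that are 160 bits long, the SHA-1 output size.
    This is a heuristic: any other 160-bit hash would match as well."""
    flagged = []
    for key, value in records.items():
        try:
            raw = bytes.fromhex(value)
        except ValueError:
            continue  # not a hex digest, skip it
        if len(raw) * 8 == 160:
            flagged.append(key)
    return sorted(flagged)


if __name__ == "__main__":
    stored = {
        "legacy": legacy_sha1_digest(SAMPLE),
        "current": session_digest(SAMPLE),
        "sha3": session_digest(SAMPLE, "sha3_256"),
    }
    print("digests to migrate:", find_sha1_length_digests(stored))
```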
The impact includes:-
This vulnerability can be fixed by:-