SHA2 is susceptible to a length extension attack, meaning supposedly secure messages can be added to and still pass certain security tests.
