One major security vulnerability of using hashes is that they can be altered while it is en route. In other words, a cyber-attacker can intercept the ciphertext and its associated hash, alter both and create a brand-new ciphertext and hash.
As a result, the receiving party is fooled into believing that this new, altered ciphertext and new, altered hash are the original sent by the sending party while the cyber-attacker keeps the actual ciphertext and hash which was generated the first time around.
To fix this, the ciphertext is combined with a “secret key” at the point of origination first, then the hash is created. As a result, this hash will contain specific information and data about the secret itself. As a result, the receiving party can even be further convinced that the ciphertext they have received is the original one sent by the sending party.
This is so because even if the ciphertext, the hash and the associated secret key were to be intercepted, there is very little that a hacker can do to alter the ciphertext and its associated hash. This is because they have to have the information and data about the secret key, which is of course something they will never gain access to.
