Weak Cryptography for Passwords

Disclosed: 2017-08-21 06:19:37 By tejpratap To legalrobot
Vulnerability Details
Hi Team,

I saw, while creating a new account, that the password is being encrypted, which is good best practice. But the issue is:

1. It is showing in the request what type of encryption (algorithm) is used.
2. I copied the encrypted password and pasted it into the online tool http://md5decrypt.net/en/Sha256/ and I was successfully able to decrypt it.

As per the OWASP rule you should not use SHA-256; these algorithms are considered weak. Link: https://www.owasp.org/index.php/Guide_to_Cryptography

Steps to Reproduce:

1. Register a new account at https://app.legalrobot.com/.
2. Capture the request in the Burp Suite tool.
3. Copy the encrypted password and paste it into the online tool http://md5decrypt.net/en/Sha256/; it will successfully decrypt the password.

Mitigation:

1. Which encryption (algorithm) is used should not be displayed in the request.
2. Use strong encryption so that a man-in-the-middle attack should not be able to decrypt the password.

I have attached the PoC.

Tej
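An added example, not part of the report or of Legal Robot's code, showing why the unsalted SHA-256 digest described above can be matched against a precomputed table of common passwords, and what a salted, iterated hash (PBKDF2-HMAC-SHA256 here) changes on the storage side. The password list and the iteration count are assumptions.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# Constructed list standing in for the wordlists behind online "decrypt" sites.
COMMON_PASSWORDS = ["123456", "password", "password123", "qwerty"]


def plain_sha256(password: str) -> str:
    """Unsalted SHA-256 as the report describes: deterministic, so one table
    of precomputed digests matches every user who picked the same password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


# Precomputed table: digest -> password. This is all a lookup site needs.
_TABLE: Dict[str, str] = {plain_sha256(p): p for p in COMMON_PASSWORDS}


def lookup_unsalted(digest_hex: str) -> Optional[str]:
    """Return the password behind an unsalted digest if it is in the table."""
    return _TABLE.get(digest_hex.lower())


def pbkdf2_hash(password: str, salt: Optional[bytes] = None, iterations: int = 600_000) -> str:
    """Salted, iterated PBKDF2-HMAC-SHA256. The 600k default follows the OWASP
    Password Storage Cheat Sheet figure for this construction (assumption: check
    the current edition). Output format: 'iterations$salt_hex$digest_hex'."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per password, never reused
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"


def pbkdf2_verify(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    weak = plain_sha256("password123")
    print("unsalted digest recovered:", lookup_unsalted(weak))  # password123
    strong = pbkdf2_hash("password123")
    print("salted digest recovered:", lookup_unsalted(strong.split("$")[2]))  # None
    print("verify:", pbkdf2_verify("password123", strong))  # True
```

Because the salt is random, two users with the same password get different stored values, so a single precomputed table no longer maps digests back to passwords.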
Report Stats
  • Report ID: 260689
  • State: Closed
  • Substate: informative
  • Upvotes: 1