CWE-328 Detail

CWE-328

Use of Weak Hash
Draft
2006-07-19
00h00 +00:00
2025-12-11
00h00 +00:00
CWE Mitre.org
Notifiche per un CWE specifico
Rimani informato su qualsiasi modifica relativa a un CWE specifico.
Gestione notifiche

Nome: Use of Weak Hash

The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).

General Informations

Modes Of Introduction

Architecture and Design : COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic.

Piattaforme applicabili

Linguaggio

Class: Not Language-Specific (Undetermined)

Tecnologie

Class: ICS/OT (Undetermined)

Conseguenze comuni

Ambito Impatto Probabilità
Access ControlBypass Protection Mechanism

Esempi osservati

Riferimenti Descrizione

CVE-2022-30320

Programmable Logic Controller (PLC) uses a protocol with a cryptographically insecure hashing algorithm for passwords.

CVE-2005-4900

SHA-1 algorithm is not collision-resistant.

CVE-2020-25685

DNS product uses a weak hash (CRC32 or SHA-1) of the query name, allowing attacker to forge responses by computing domain names with the same hash.

CVE-2012-6707

blogging product uses MD5-based algorithm for passwords.

CVE-2019-14855

forging of certificate signatures using SHA-1 collisions.

CVE-2017-15999

mobile app for backup sends SHA-1 hash of password in cleartext.

CVE-2006-4068

Hard-coded hashed values for username and password contained in client-side script, allowing brute-force offline attacks.

Potential Mitigations

Phases : Architecture and Design

Detection Methods

Automated Static Analysis

Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
Effectiveness : High

Note sulla mappatura delle vulnerabilità

Giustificazione : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Commento : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Pattern di attacco correlati

CAPEC-ID Nome del pattern di attacco
CAPEC-461 Web Services API Signature Forgery Leveraging Hash Function Extension Weakness
An adversary utilizes a hash function extension/padding weakness, to modify the parameters passed to the web service requesting authentication by generating their own call in order to generate a legitimate signature hash (as described in the notes), without knowledge of the secret token sometimes provided by the web service.
CAPEC-68 Subvert Code-signing Facilities
Many languages use code signing facilities to vouch for code's identity and to thus tie code to its assigned privileges within an environment. Subverting this mechanism can be instrumental in an attacker escalating privilege. Any means of subverting the way that a virtual machine enforces code signing classifies for this style of attack.

Note

Since CWE 4.4, various cryptography-related entries including CWE-328 have been slated for extensive research, analysis, and community consultation to define consistent terminology, improve relationships, and reduce overlap or duplication. As of CWE 4.6, this work is still ongoing.

Riferimenti

REF-289

MD5 considered harmful today
Alexander Sotirov et al..
http://www.phreedom.org/research/rogue-ca/

REF-62

The Art of Software Security Assessment
Mark Dowd, John McDonald, Justin Schuh.

REF-291

bcrypt
Johnny Shelley.
https://bcrypt.sourceforge.net/

REF-292

Tarsnap - The scrypt key derivation function and encryption utility
Colin Percival.
http://www.tarsnap.com/scrypt.html

REF-293

RFC2898 - PKCS #5: Password-Based Cryptography Specification Version 2.0
B. Kaliski.
https://www.rfc-editor.org/rfc/rfc2898

REF-294

How To Safely Store A Password
Coda Hale.
https://codahale.com/how-to-safely-store-a-password/

REF-295

How Companies Can Beef Up Password Security (interview with Thomas H. Ptacek)
Brian Krebs.
https://krebsonsecurity.com/2012/06/how-companies-can-beef-up-password-security/

REF-296

Password security: past, present, future
Solar Designer.
https://www.openwall.com/presentations/PHDays2012-Password-Security/

REF-297

Our password hashing has no clothes
Troy Hunt.
https://www.troyhunt.com/our-password-hashing-has-no-clothes/

REF-298

Should we really use bcrypt/scrypt?
Joshbw.
https://web.archive.org/web/20120629144851/http://www.analyticalengine.net/2012/06/should-we-really-use-bcryptscrypt/

REF-637

Rainbow table
https://en.wikipedia.org/wiki/Rainbow_table

REF-1243

Cryptanalysis of SHA-1
Bruce Schneier.
https://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html

REF-1244

At death's door for years, widely used SHA1 function is now dead
Dan Goodin.
https://arstechnica.com/information-technology/2017/02/at-deaths-door-for-years-widely-used-sha1-function-is-now-dead/

REF-1283

OT:ICEFALL: The legacy of "insecure by design" and its implications for certifications and risk management
Forescout Vedere Labs.
https://www.forescout.com/resources/ot-icefall-report/

REF-1360

dmi_jtag.sv
https://github.com/HACK-EVENT/hackatdac21/blob/71103971e8204de6a61afc17d3653292517d32bf/piton/design/chip/tile/ariane/src/riscv-dbg/src/dmi_jtag.sv#L82

REF-1361

fix cwe_1205 in dmi_jtag.sv
https://github.com/HACK-EVENT/hackatdac21/blob/c4f4b832218b50c406dbf9f425d3b654117c1355/piton/design/chip/tile/ariane/src/riscv-dbg/src/dmi_jtag.sv#L82

Invio

Nome Organizzazione Data Data di rilascio Version
PLOVER 2006-07-19 +00:00 2006-07-19 +00:00 Draft 3

Modifiche

Nome Organizzazione Data Commento
CWE Content Team MITRE 2008-09-08 +00:00 updated Relationships, Observed_Example, Taxonomy_Mappings
CWE Content Team MITRE 2008-10-14 +00:00 updated Description
CWE Content Team MITRE 2009-01-12 +00:00 updated Description, References
CWE Content Team MITRE 2009-10-29 +00:00 updated Relationships
CWE Content Team MITRE 2011-06-01 +00:00 updated Common_Consequences
CWE Content Team MITRE 2012-05-11 +00:00 updated References, Related_Attack_Patterns, Relationships
CWE Content Team MITRE 2012-10-30 +00:00 updated Demonstrative_Examples, Potential_Mitigations, References
CWE Content Team MITRE 2014-02-18 +00:00 updated Potential_Mitigations, References
CWE Content Team MITRE 2014-06-23 +00:00 updated Relationships
CWE Content Team MITRE 2014-07-30 +00:00 updated Relationships
CWE Content Team MITRE 2017-11-08 +00:00 updated Applicable_Platforms, Modes_of_Introduction, References, Relationships
CWE Content Team MITRE 2018-03-27 +00:00 updated Relationships
CWE Content Team MITRE 2021-03-15 +00:00 updated Demonstrative_Examples
CWE Content Team MITRE 2021-10-28 +00:00 updated Description, Maintenance_Notes, Name, Observed_Examples, References, Relationships
CWE Content Team MITRE 2022-10-13 +00:00 updated Demonstrative_Examples, Observed_Examples, References
CWE Content Team MITRE 2023-01-31 +00:00 updated Applicable_Platforms
CWE Content Team MITRE 2023-04-27 +00:00 updated Detection_Factors, References, Relationships
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes, Relationships
CWE Content Team MITRE 2024-02-29 +00:00 updated Demonstrative_Examples, Description, References
CWE Content Team MITRE 2025-09-09 +00:00 updated References
CWE Content Team MITRE 2025-12-11 +00:00 updated Relationships, Weakness_Ordinalities
Le informazioni presentate su CVE Find provengono da diverse fonti di riferimento attentamente selezionate. I dati CVE sono forniti da MITRE Corporation e dal National Vulnerability Database (NVD). Il catalogo delle vulnerabilità sfruttate conosciute (KEV) proviene dalla Cybersecurity and Infrastructure Security Agency (CISA), mentre i punteggi EPSS provengono da FIRST.org. Inoltre, i dati relativi alle vulnerabilità software (CWE) e ai pattern di attacco comuni (CAPEC) sono mantenuti da MITRE Corporation, e le informazioni sulle configurazioni hardware e software (CPE) sono fornite da NVD.