CWE-328
Powiadomienia dla konkretnego CWE
Bądź na bieżąco z wszelkimi zmianami dotyczącymi konkretnego CWE.
Nazwa: Use of Weak Hash
The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).
Informacje ogólne
Sposoby wprowadzenia
Architecture and Design : COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic.Odpowiednie platformy
Język
Class: Not Language-Specific (Undetermined)Technologie
Class: ICS/OT (Undetermined)Typowe konsekwencje
| Zakres | Wpływ | Prawdopodobieństwo |
|---|---|---|
| Access Control | Bypass Protection Mechanism |
Zaobserwowane przykłady
| Odniesienia | Opis |
|---|---|
CVE-2022-30320 | Programmable Logic Controller (PLC) uses a protocol with a cryptographically insecure hashing algorithm for passwords. |
CVE-2005-4900 | SHA-1 algorithm is not collision-resistant. |
CVE-2020-25685 | DNS product uses a weak hash (CRC32 or SHA-1) of the query name, allowing attacker to forge responses by computing domain names with the same hash. |
CVE-2012-6707 | blogging product uses MD5-based algorithm for passwords. |
CVE-2019-14855 | forging of certificate signatures using SHA-1 collisions. |
CVE-2017-15999 | mobile app for backup sends SHA-1 hash of password in cleartext. |
CVE-2006-4068 | Hard-coded hashed values for username and password contained in client-side script, allowing brute-force offline attacks. |
Potencjalne środki zaradcze
Phases : Architecture and DesignMetody wykrywania
Automated Static Analysis
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)Skuteczność : High
Uwagi dotyczące mapowania podatności
Uzasadnienie : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Komentarz : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Powiązane wzorce ataków
| CAPEC-ID | Nazwa wzorca ataku |
|---|---|
| CAPEC-461 | Web Services API Signature Forgery Leveraging Hash Function Extension Weakness
An adversary utilizes a hash function extension/padding weakness, to modify the parameters passed to the web service requesting authentication by generating their own call in order to generate a legitimate signature hash (as described in the notes), without knowledge of the secret token sometimes provided by the web service. |
| CAPEC-68 | Subvert Code-signing Facilities
Many languages use code signing facilities to vouch for code's identity and to thus tie code to its assigned privileges within an environment. Subverting this mechanism can be instrumental in an attacker escalating privilege. Any means of subverting the way that a virtual machine enforces code signing classifies for this style of attack. |
Notatki
Since CWE 4.4, various cryptography-related entries including CWE-328 have been slated for extensive research, analysis, and community consultation to define consistent terminology, improve relationships, and reduce overlap or duplication. As of CWE 4.6, this work is still ongoing.Odniesienia
REF-289
MD5 considered harmful todayAlexander Sotirov et al..
http://www.phreedom.org/research/rogue-ca/
REF-62
The Art of Software Security AssessmentMark Dowd, John McDonald, Justin Schuh.
REF-291
bcryptJohnny Shelley.
https://bcrypt.sourceforge.net/
REF-292
Tarsnap - The scrypt key derivation function and encryption utilityColin Percival.
http://www.tarsnap.com/scrypt.html
REF-293
RFC2898 - PKCS #5: Password-Based Cryptography Specification Version 2.0B. Kaliski.
https://www.rfc-editor.org/rfc/rfc2898
REF-294
How To Safely Store A PasswordCoda Hale.
https://codahale.com/how-to-safely-store-a-password/
REF-295
How Companies Can Beef Up Password Security (interview with Thomas H. Ptacek)Brian Krebs.
https://krebsonsecurity.com/2012/06/how-companies-can-beef-up-password-security/
REF-296
Password security: past, present, futureSolar Designer.
https://www.openwall.com/presentations/PHDays2012-Password-Security/
REF-297
Our password hashing has no clothesTroy Hunt.
https://www.troyhunt.com/our-password-hashing-has-no-clothes/
REF-298
Should we really use bcrypt/scrypt?Joshbw.
https://web.archive.org/web/20120629144851/http://www.analyticalengine.net/2012/06/should-we-really-use-bcryptscrypt/
REF-637
Rainbow tablehttps://en.wikipedia.org/wiki/Rainbow_table
REF-1243
Cryptanalysis of SHA-1Bruce Schneier.
https://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html
REF-1244
At death's door for years, widely used SHA1 function is now deadDan Goodin.
https://arstechnica.com/information-technology/2017/02/at-deaths-door-for-years-widely-used-sha1-function-is-now-dead/
REF-1283
OT:ICEFALL: The legacy of "insecure by design" and its implications for certifications and risk managementForescout Vedere Labs.
https://www.forescout.com/resources/ot-icefall-report/
REF-1360
dmi_jtag.svhttps://github.com/HACK-EVENT/hackatdac21/blob/71103971e8204de6a61afc17d3653292517d32bf/piton/design/chip/tile/ariane/src/riscv-dbg/src/dmi_jtag.sv#L82
REF-1361
fix cwe_1205 in dmi_jtag.svhttps://github.com/HACK-EVENT/hackatdac21/blob/c4f4b832218b50c406dbf9f425d3b654117c1355/piton/design/chip/tile/ariane/src/riscv-dbg/src/dmi_jtag.sv#L82
Zgłoszenie
| Nazwa | Organizacja | Data | Data wydania | Version |
|---|---|---|---|---|
| PLOVER | Draft 3 |
Modyfikacje
| Nazwa | Organizacja | Data | Komentarz |
|---|---|---|---|
| CWE Content Team | MITRE | updated Relationships, Observed_Example, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Description | |
| CWE Content Team | MITRE | updated Description, References | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Common_Consequences | |
| CWE Content Team | MITRE | updated References, Related_Attack_Patterns, Relationships | |
| CWE Content Team | MITRE | updated Demonstrative_Examples, Potential_Mitigations, References | |
| CWE Content Team | MITRE | updated Potential_Mitigations, References | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Applicable_Platforms, Modes_of_Introduction, References, Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Demonstrative_Examples | |
| CWE Content Team | MITRE | updated Description, Maintenance_Notes, Name, Observed_Examples, References, Relationships | |
| CWE Content Team | MITRE | updated Demonstrative_Examples, Observed_Examples, References | |
| CWE Content Team | MITRE | updated Applicable_Platforms | |
| CWE Content Team | MITRE | updated Detection_Factors, References, Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes, Relationships | |
| CWE Content Team | MITRE | updated Demonstrative_Examples, Description, References | |
| CWE Content Team | MITRE | updated References | |
| CWE Content Team | MITRE | updated Relationships, Weakness_Ordinalities |
