VariantIncomplete

CWE-760Use of a One-Way Hash with a Predictable Salt

Category: other

Description

The product uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product uses a predictable salt as part of the input.

Common consequences· 1

  • Access Control — Bypass Protection Mechanism

Potential mitigations· 2

  • [Architecture and Design]
  • [Implementation]If a technique that requires extra computational effort can not be implemented, then for each password that is processed, generate a new random salt using a strong random number generator with unpredictable seeds. Add the salt to the plaintext password before hashing it. When storing the hash, also store the salt. Do not use the same salt for every password.

References

  1. https://cwe.mitre.org/data/definitions/760.html

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Use of a One-Way Hash without a Salt
CWE
Use of Password Hash With Insufficient Computational Effort
CWE
Use of Weak Hash
CWE
Use of Single-factor Authentication
CWE
Use of Password Hash Instead of Password for Authentication
CWE
Inadequate Encryption Strength
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.