CWE-328: Use of Weak Hash
Learn about CWE-328 (Use of Weak Hash), its security impact, exploitation methods, and prevention guidelines.
What is Use of Weak Hash?
• Overview: This vulnerability occurs when software uses a hash function that is not secure, making it possible for attackers to deduce the original input or find different inputs that result in the same hash.
• Exploitation Methods:
- Attackers can perform a preimage attack to determine the original input from the hash.
- A second preimage attack involves finding a different input that produces the same hash as a known input.
- A birthday attack is used to find two different inputs that hash to the same value.
• Security Impact:
- Direct consequences include unauthorized access to data and compromised integrity.
- Cascading effects can involve further system breaches if hashes protect critical data.
- Business impact includes loss of trust, potential legal consequences, and financial loss.
• Prevention Guidelines:
- Use strong, up-to-date cryptographic hash functions like SHA-256 or SHA-3.
- Implement salted hashes, especially for password storage, to prevent rainbow table attacks.
- Regularly update cryptographic libraries and follow industry standards for hash functions.
- Employ security tools for static and dynamic code analysis to detect weak hash usage.
Corgea can automatically detect and fix Use of Weak Hash in your codebase. Try Corgea free today.
Technical Details
Likelihood of Exploit: Not specified
Affected Languages: Not Language-Specific
Affected Technologies: ICS/OT
Vulnerable Code Example
import hashlib
def hash_password_vulnerable(password):
# Vulnerable: Using MD5, a weak hash function prone to collisions and preimage attacks
return hashlib.md5(password.encode()).hexdigest()
# Example usage
hashed_password = hash_password_vulnerable("securepassword123")
print(f"Vulnerable Hash: {hashed_password}")
Explanation:
- Weak Hash Function: The code uses MD5 for hashing passwords, which is insecure due to its susceptibility to collision and preimage attacks. This makes it easier for attackers to find two different inputs that produce the same hash or infer the original input from the hash.
- Lack of Salting: The absence of a salt means that identical passwords will produce identical hashes, making the system vulnerable to rainbow table attacks.
How to fix Use of Weak Hash?
To mitigate these vulnerabilities, you should use a secure hash function and incorporate a salt. SHA-256 from the SHA-2 family is a robust choice for hashing. Additionally, using a salt ensures that even identical passwords result in different hashes, enhancing security.
Fixed Code Example
import hashlib
import os
def hash_password_secure(password):
# Generate a random salt for each password
salt = os.urandom(16)
# Use a secure hash function (SHA-256) and incorporate the salt
hash_digest = hashlib.sha256(salt + password.encode()).hexdigest()
# Return both the salt and the hash, separated by a colon
return salt.hex() + ":" + hash_digest
# Example usage
hashed_password = hash_password_secure("securepassword123")
print(f"Secure Hash: {hashed_password}")
Explanation:
- SHA-256: The use of SHA-256 instead of MD5 enhances security by providing a stronger hash function that is resistant to known vulnerabilities.
- Salting: A unique salt is generated for each password, which is then combined with the password before hashing. This ensures that even if two users choose the same password, their hashes will differ.
- Salt Storage: By storing the salt alongside the hash, the system can verify passwords by rehashing the input with the stored salt, preventing rainbow table attacks.
These improvements significantly increase the security of the password hashing process, making it more resistant to common attacks against hash functions.