ABAP : Weak hashing algorithm
Classification
- OWASP Top 10 2013: A6-Sensitive Data Exposure
- OWASP Top 10 2017: A3-Sensitive Data Exposure
- OWASP Top 10 2021: A2-Cryptographic Failures; A4-Insecure Design
- OWASP MASVS: V3: 3.4 (L1/L2/L1+R/L2+R); V8: 8.13 (L1+R/L2+R)
- OWASP ASVS: Stored Cryptography; Authentication; Authentication; Authentication; Authentication; Authentication
- PCI DSS 4.0: 3.6.1; 6.2.4; 8.3.2
- HIPAA: §164.312 (a)(2)(iv)
- CWE: CWE-328; CWE-1032
Overview
The hash function in use is insecure. Using it can lead to a loss of data confidentiality.
The MD2, MD5 and SHA1 hash functions have known weaknesses. Finding collisions for MD2 and MD5 does not require substantial resources, and the same problem has since been solved for SHA1 as well. If these functions are used to protect valuable information (such as passwords), its confidentiality can be compromised.
A hash function used to store passwords should not only be collision-resistant but should also be deliberately slow, which makes an exhaustive search (brute-force) attack more expensive. Specialized hash functions have been designed for this purpose: PBKDF2, bcrypt and scrypt.
Generating cryptographic hashes involves several steps, and the absence of any required step makes the data more vulnerable.
Suppose that user passwords are stored on the server in hashed form using an insecure hash function (e.g., MD5). A possible attack scenario:
- The attacker gains access to the database of password hashes.
- The attacker exploits a weakness of the hashing algorithm to find a string that hashes to the same value as the user's password.
- The attacker passes authentication using the computed string.
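The two designs contrasted above (a fast, unsalted digest versus a slow, salted password hash) and the scenario just described are illustrated by the following added example. It is not code from the original page and, since the page concerns ABAP, it is not ABAP either: it uses Python's standard library so the ideas can be run anywhere. Everything in it is constructed: the sample password store, the user names, the iteration count (an assumed value; set it per your platform's guidance), and the helper names `weak_hash`, `strong_hash`, `classify_record`, `audit_store`, `duplicate_digests` and `work_factor`.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

# Assumed work factor for PBKDF2-HMAC-SHA256; tune to your environment.
PBKDF2_ITERATIONS = 200_000


def weak_hash(password: str) -> str:
    """Insecure 'before' form: a bare, unsalted MD5 digest. Fast, collision-broken,
    and identical for every user who picked the same password."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def weak_verify(password: str, stored: str) -> bool:
    return hmac.compare_digest(weak_hash(password), stored)


def strong_hash(password: str, salt: Optional[bytes] = None,
                iterations: int = PBKDF2_ITERATIONS) -> str:
    """Hardened form: per-user random salt plus iterated PBKDF2-HMAC-SHA256.
    Record layout is '<iterations>$<salt hex>$<digest hex>' so the parameters
    travel with the hash and can be raised later without breaking old records."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations, dklen=32)
    return f"{iterations}${salt.hex()}${digest.hex()}"


def strong_verify(password: str, stored: str) -> bool:
    iterations, salt_hex, digest_hex = stored.split("$")
    expected = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                   bytes.fromhex(salt_hex), int(iterations), dklen=32)
    # Constant-time comparison so verification timing leaks nothing about the digest.
    return hmac.compare_digest(expected.hex(), digest_hex)


def classify_record(stored: str) -> str:
    """Heuristic audit check: does a stored value look like a bare MD5/SHA1 hex digest
    (32 or 40 hex chars, no salt or parameters) or like a PBKDF2 record?"""
    parts = stored.split("$")
    if len(parts) == 3 and parts[0].isdigit():
        return "pbkdf2"
    if len(stored) in (32, 40) and all(c in "0123456789abcdef" for c in stored.lower()):
        return "bare-digest"
    return "unknown"


def audit_store(rows: Dict[str, str]) -> List[str]:
    """Return the users whose stored credential is a bare (weak) digest."""
    return sorted(u for u, rec in rows.items() if classify_record(rec) == "bare-digest")


def duplicate_digests(rows: Dict[str, str]) -> List[Tuple[str, ...]]:
    """Unsalted hashes expose shared passwords: identical digests mean identical
    passwords. Salted PBKDF2 records never collide this way."""
    seen: Dict[str, List[str]] = {}
    for user, rec in rows.items():
        seen.setdefault(rec, []).append(user)
    return sorted(tuple(sorted(users)) for users in seen.values() if len(users) > 1)


def work_factor(stored: str) -> int:
    """Approximate hash invocations an attacker pays per password guess: one for a
    bare digest, the iteration count for a PBKDF2 record. This is why a password
    hash should be slow."""
    return int(stored.split("$")[0]) if classify_record(stored) == "pbkdf2" else 1


# Constructed sample store mixing legacy MD5 rows with migrated PBKDF2 rows.
SAMPLE_STORE: Dict[str, str] = {
    "alice": weak_hash("password"),
    "bob": weak_hash("password"),          # same password as alice -> same digest
    "carol": strong_hash("password", salt=bytes(16), iterations=1000),
    "dave": strong_hash("password", salt=bytes(range(16)), iterations=1000),
}

if __name__ == "__main__":
    print("weak rows:", audit_store(SAMPLE_STORE))
    print("users sharing a password (visible only in weak rows):", duplicate_digests(SAMPLE_STORE))
    for user, rec in SAMPLE_STORE.items():
        print(f"{user}: {classify_record(rec)}, cost per guess = {work_factor(rec)}")
```

Running it shows the two legacy rows flagged, `alice` and `bob` revealed as sharing a password purely from their identical MD5 digests, and a per-guess cost of 1 for the MD5 rows against the iteration count for the PBKDF2 rows. The `classify_record` heuristic is only a triage aid for finding weak records in an existing store; the fix is to re-hash each password with PBKDF2 (or bcrypt/scrypt) at the user's next successful login.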
Sensitive Data Exposure vulnerabilities rank third in the "OWASP Top 10 2017" ranking of web-application vulnerabilities.
References
- OWASP Top 10 2013: A6 - Sensitive Data Exposure
- OWASP Top 10 2017: A3 - Sensitive Data Exposure
- OWASP Top 10 2010: A7 - Insecure Cryptographic Storage
- CWE-326: Inadequate Encryption Strength
- NIST Approved Algorithms
- How to securely hash passwords - Thomas Pornin / stackoverflow.com
- MD5 considered harmful today. Creating a rogue CA certificate - Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Weger / win.tue.nl
- CWE-328: Use of Weak Hash
- CWE-1032: OWASP Top Ten 2017 Category A6 - Security Misconfiguration
- Bleichenbacher's attack