Go : Weak hashing algorithm
Classification
Overview
The used hash function is insecure. Its use can lead to a data confidentiality loss.
The MD2, MD5, SHA1 hash functions have known vulnerabilities. Finding collisions for MD2 and MD5 functions does not require substantial resources; a similar problem for SHA1 was solved. If these functions are used to store valuable information (such as passwords), its confidentiality can be violated.
The hash function used to store passwords not only should be resistant to collisions but also should not be too fast. This complicates the attack by exhaustive search. For this purpose specialized hash functions have been developed: PBKDF2, bcrypt, scrypt.
Suppose that user passwords are stored on the server in encrypted form with the use of insecure hash function (e.g., MD5). A possible attack scenario:
- The attacker gains access to the database of encrypted passwords.
- An attacker exploits a vulnerability of hashing algorithm and calculates the string for which the hash algorithm gives the same value as for the user’s password.
- The attacker passes the authentication using a calculated string.
Sensitive Data Exposure vulnerabilities take the third place in the “OWASP Top 10 2017” web-application vulnerabilities ranking.
References
- OWASP Top 10 2013-A6-Sensitive Data Exposure
- OWASP: Top 10 2010-A7-Insecure Cryptographic Storage
- CWE-326: Inadequate Encryption Strength
- NIST Approved Algorithms
- How to securely hash passwords - Thomas Pornin / stackoverflow.com
- MD5 considered harmful today. Creating a rogue CA certificate - Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Weger / win.tue.nl
- Golang/App Engine - securely hashing a user’s password
- OWASP Top 10 2017-A3-Sensitive Data Exposure
- CWE-328
- CWE CATEGORY: OWASP Top Ten 2017 Category A6 - Security Misconfiguration
- Bleichenbacher’s attack