PHP : Weak hashing algorithm
Classification
Overview
The used hash function is insecure. Its use can lead to a loss of privacy.
The MD2, MD5, SHA1 hash functions have known vulnerabilities. Finding collisions for MD2 and MD5 functions does not require substantial resources; a similar problem for SHA1 was solved. If these functions are used to store valuable information (such as passwords), its confidentiality can be violated.
The hash function used to store passwords not only should be resistant to collisions but also should not be too fast. This makes the exhaustive search attack more difficult. Specialized hash functions have been developed for this purpose, e.g. PBKDF2, bcrypt, scrypt.
Suppose that user passwords are stored on the server in encrypted form with the use of insecure hash function (e.g., MD5). Possible attack scenario:
- The attacker gains access to the database of encrypted passwords.
- An attacker exploits a vulnerability of hashing algorithm and calculates a string for which the hash algorithm outputs the same value as for the user’s password.
- The attacker passes the authentication using a calculated string.
Sensitive Data Exposure vulnerabilities take the third place in the “OWASP Top 10 2017” web-application vulnerabilities ranking.
References
- OWASP Top 10 2013-A6-Sensitive Data Exposure
- OWASP: Top 10 2010-A7-Insecure Cryptographic Storage
- CWE-327: Use of a Broken or Risky Cryptographic Algorithm
- NIST Approved Algorithms
- How to securely hash passwords - Thomas Pornin / stackoverflow.com
- MD5 considered harmful today. Creating a rogue CA certificate - Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Weger / win.tue.nl
- hash - php.net
- OWASP Top 10 2017-A3-Sensitive Data Exposure
- CWE-328
- CWE CATEGORY: OWASP Top Ten 2017 Category A6 - Security Misconfiguration
- Bleichenbacher’s attack