Difference between revisions of "Storing passwords in a recoverable format"

From OWASP
Jump to: navigation, search
 
(7 intermediate revisions by 4 users not shown)
Line 1: Line 1:
 
{{Template:SecureSoftware}}
 
{{Template:SecureSoftware}}
 +
{{Template:Vulnerability}}
  
==Overview==
+
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
  
The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. If a system administrator can recover the password directly - or use a brute force search on the information available to him -, he can use the password on other accounts.
+
[[ASDR_TOC_Vulnerabilities|Vulnerabilities Table of Contents]]
  
==Consequences ==
+
==Description==
 +
The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. If a system administrator can recover the password directly, or use a brute force search on the information available to him, he can use the password on other accounts.
  
* Confidentiality: User's passwords may be revealed.
+
'''Consequences'''
  
* Authentication: Revealed passwords may be reused elsewhere to impersonate the users in question.
+
* Confidentiality: Users' passwords may be revealed.
 +
* Authentication: Revealed passwords may be reused elsewhere to impersonate the users in question.
  
==Exposure period ==
+
'''Exposure period'''
  
* Design: The method of password storage and use is often decided at design time.
+
* Design: The method of password storage and use is often decided at design time.
 +
* Implementation: In some cases, the decision of algorithms for password encryption or hashing may be left to the implementers.
  
* Implementation: In some cases, the decision of algorithms for password encryption or hashing may be left to the implementers.
+
'''Platform'''
  
==Platform ==
+
* Languages: All
 +
* Operating platforms: All
  
* Languages: All
+
'''Required resources'''
 
+
* Operating platforms: All
+
 
+
==Required resources ==
+
  
 
Access to read stored password hashes
 
Access to read stored password hashes
  
==Severity ==
+
'''Severity'''
  
 
Medium to High
 
Medium to High
  
==Likelihood   of exploit ==
+
'''Likelihood of exploit'''
  
 
Very High
 
Very High
  
==Avoidance and mitigation ==
+
The use of recoverable passwords significantly increases the chance that passwords will be used maliciously. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plain-text passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders.
  
* Design / Implementation: Ensure that strong, non-reversible encryption is used to protect stored passwords.
+
==Risk Factors==
  
==Discussion ==
+
TBD
  
The use of recoverable passwords significantly increases the chance that passwords will be used maliciously. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plain-text passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders.
+
==Examples==
 
+
==Examples ==
+
  
In C\C++:
+
In C\C :
  
 
<pre>
 
<pre>
Line 73: Line 72:
 
</pre>
 
</pre>
  
==Related problems ==
 
  
* [[Use of hard-coded passwords]]
+
==Related [[Attacks]]==
  
==Categories ==
+
* [[Attack 1]]
 +
* [[Attack 2]]
  
[[Category:Vulnerability]]
 
  
[[Category:Protocol Errors]]
+
==Related [[Vulnerabilities]]==
  
 +
* [[Use of hard-coded passwords]]
 +
 +
 +
==Related [[Controls]]==
 +
 +
* Design / Implementation: Ensure that strong, non-reversible encryption is used to protect stored passwords.
 +
 +
 +
 +
==Related [[Technical Impacts]]==
 +
 +
* [[Technical Impact 1]]
 +
* [[Technical Impact 2]]
 +
 +
 +
==References==
 +
Note: A reference to related [http://cwe.mitre.org/ CWE] or [http://capec.mitre.org/ CAPEC] article should be added when exists. Eg:
 +
 +
* [http://cwe.mitre.org/data/definitions/79.html CWE 79].
 +
* http://www.link1.com
 +
* [http://www.link2.com Title for the link2]
 +
 +
[[Category:FIXME|add links
 +
 +
In addition, one should classify vulnerability based on the following subcategories: Ex:<nowiki>[[Category:Error Handling Vulnerability]]</nowiki>
 +
 +
Availability Vulnerability
 +
 +
Authorization Vulnerability
 +
 +
Authentication Vulnerability
 +
 +
Concurrency Vulnerability
 +
 +
Configuration Vulnerability
 +
 +
Cryptographic Vulnerability
 +
 +
Encoding Vulnerability
 +
 +
Error Handling Vulnerability
 +
 +
Input Validation Vulnerability
 +
 +
Logging and Auditing Vulnerability
 +
 +
Session Management Vulnerability]]
 +
 +
__NOTOC__
 +
 +
 +
[[Category:OWASP ASDR Project]]
 +
[[Category:Vulnerability]]
 +
[[Category:Protocol Errors]]
 
[[Category:OWASP_CLASP_Project]]
 
[[Category:OWASP_CLASP_Project]]

Latest revision as of 16:02, 28 February 2009

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.


Last revision (mm/dd/yy): 02/28/2009

Vulnerabilities Table of Contents

Description

The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. If a system administrator can recover the password directly, or use a brute force search on the information available to him, he can use the password on other accounts.

Consequences

  • Confidentiality: Users' passwords may be revealed.
  • Authentication: Revealed passwords may be reused elsewhere to impersonate the users in question.

Exposure period

  • Design: The method of password storage and use is often decided at design time.
  • Implementation: In some cases, the decision of algorithms for password encryption or hashing may be left to the implementers.

Platform

  • Languages: All
  • Operating platforms: All

Required resources

Access to read stored password hashes

Severity

Medium to High

Likelihood of exploit

Very High

The use of recoverable passwords significantly increases the chance that passwords will be used maliciously. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plain-text passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders.

Risk Factors

TBD

Examples

In C\C  :

int VerifyAdmin(char *password) {
 
  if (strcmp(compress(password), compressed_password)) {
    printf("Incorrect Password!\n");
    return(0)
  }

  printf("Entering Diagnostic Mode�\n");
  return(1);
}

In Java:

int VerifyAdmin(String password) {
  
  if (passwd.Eqauls(compress((compressed_password)) {
    return()0)
  }
//Diagnostic Mode
  return(1);
}


Related Attacks


Related Vulnerabilities


Related Controls

  • Design / Implementation: Ensure that strong, non-reversible encryption is used to protect stored passwords.


Related Technical Impacts


References

Note: A reference to related CWE or CAPEC article should be added when exists. Eg: