SV.WEAK_CRYPTO.WEAK_HASH

Weak password vulnerability

Brute-force password cracking is one of the most dangerous threats to password security. If the software's encryption scheme isn't strong enough for the level of protection needed, brute-force attacks can succeed using current attack methods and resources. The SV.WEAK_CRYPTO.WEAK_HASH checker flags encrypt, crypt*, and setkey encryption sequences that use DES encryption, which doesn't provide sufficient protection against brute-force password attacks.

Vulnerability and risk

When sensitive data is protected insufficiently, it can lead to loss of the secrecy or integrity of the data. DES encryption can be cracked using brute-force attacks. The MD5-based algorithm is slightly more secure, so it's preferred over the DES-based algorithm, but even the newer SHA-1 algorithm has been cracked. Hash algorithms like the SHA-256 and SHA-512, which are approved by Federal Information Processing Standards (FIPS), are considered more secure. It's important to use a cryptographic algorithm that is currently considered to be the best by experts in the field.

Mitigation and prevention

To avoid poor encryption issues:

• Use the strongest encryption algorithm possible from proven, secure crypto libraries.
• If your code is accessing an existing privileged service, let the service handle authentication.
• Don't hard-code sensitive data or store encryption keys.
• If you use MD5-based encryption, make sure you include a salt parameter (a string starting with "$1$") to vary the encryption algorithm.

Vulnerable code example

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
   #include <stdio.h>
   #include <time.h>
   #include <unistd.h>
   #include <crypt.h>
    
   int
   main(void)
   {
     unsigned long seed[2];
    char salt[] = "$1$........";
    const char *const seedchars =
      "./0123456789ABCDEFGHIJKLMNOPQRST"
      "UVWXYZabcdefghijklmnopqrstuvwxyz";
    char *password;
    int i;
   
    /* Generate a (not very) random seed.
       You can do it better than this... */
    seed[0] = time(NULL);
    seed[1] = getpid() ^ (seed[0] >> 14 & 0x30000);
   
    /* Turn it into printable characters from 'seedchars'. */
    for (i = 0; i < 8; i++)
      salt[3+i] = seedchars[(seed[i/5] >> (i%5)*6) & 0x3f];
  
    /* Read in the user's password and encrypt it. */
    password = crypt(getpass("Password:"), salt); // SV.WEAK_CRYPTO.WEAK_HASH is reported here
  
    /* Print the results. */
    puts(password);
    return 0;
  }

Related checkers

• HCC
• RCA
• RCA.HASH.SALT.EMPTY
• SV.WEAK.CRYPT

External guidance

• CWE-287: Improper Authentication
• CWE-290: Authentication Bypass by Spoofing
• CWE-327: Use of a Broken or Risky Cryptographic Algorithm
• MSC18-C: Be careful while handling sensitive data, such as passwords, in program code
• OWASP A2:2021 Cryptographic Failures
• OWASP A7:2021 Identification and Authentication Failures
• STIG-ID: APP3150.1 FIPS 140-2
• STIG-ID: APP3330 Password Transmission
• STIG-ID: APP3340 Password Storage

Security training

Application security training materials provided by Secure Code Warrior.

• Improper Authentication Training Video - Test your skills with a training example
• Weak Crypto Algorithm Training Video - Test your skills with a training example