logo

Database

Cracked weak credentials

Description

The low complexity of the hashes stored in the database considerably reduces the amount of time required to crack them.

Impact

Unauthorized access, or even the insufficient data validation can make the system vulnerable.

Recommendation

Ensure that functions of password summary have a minimum size of 256 bits.

Threat

Authenticated attacker from Internet with access to the hashes.

Expected Remediation Time

⏱️ 30 minutes.

Requirements

134 - Store passwords with salt135 - Passwords with random salt150 - Set minimum size for hash functions

Fixes

CsharpElixirGoJavaPhpPythonRubyScalaTypescript

Score

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

Attack vector

A

Attack complexity

L

Attack requirements

N

Privileges required

L

User interaction

N

Confidentiality (VC)

L

Integrity (VI)

N

Availability (VA)

N

Confidentiality (SC)

N

Integrity (SI)

N

Availability (SA)

N

Threat 4.0

Exploit maturity

X

Vector string

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N