338 – Insecure service configuration - Salt
Description
Salt is generated in an insecure way, which makes the password easier to guess.
Impact
Obtain valid credentials through dictionary attacks.
Recommendation
Generate the Salt with a secure hashing function.
Threat
Anonymous attacker from the Internet.
Expected Remediation Time
Score 4.0
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
- Attack vector: N
- Attack complexity: H
- Attack Requirements: N
- Privileges required: N
- User interaction: N
- Confidentiality (VC): L
- Integrity (VI): N
- Availability (VA): N
- Confidentiality (SC): N
- Integrity (SI): N
- Availability (SA): N
Threat 4.0
- Exploit maturity: P