Read Time:37 Second

Description

The software records password hashes in a data store, receives a hash of a password from a client, and compares the supplied hash to the hash obtained from the data store.

Modes of Introduction:

– Implementation

Likelihood of Exploit:

 

Related Weaknesses

CWE-287
CWE-602

 

Consequences

Access Control: Bypass Protection Mechanism, Gain Privileges or Assume Identity

An attacker could bypass the authentication routine without knowing the original password.

 

Potential Mitigations

CVE References

 

  • CVE-2009-1283
    • Product performs authentication with user-supplied password hashes that can be obtained from a separate SQL injection vulnerability (CVE-2009-1282).
  • CVE-2005-3435
    • Product allows attackers to bypass authentication by obtaining the password hash for another user and specifying the hash in the pwd argument.