CWE
CWE/SANS Top 25 Most Dangerous Software Errors Common Weakness Scoring System
Common Weakness Risk Analysis Framework
Home > CWE List > CWE- Individual Dictionary Definition (2.1)  

CWE-257: Storing Passwords in a Recoverable Format

 
Storing Passwords in a Recoverable Format
Weakness ID: 257 (Weakness Base)Status: Incomplete
+ Description

Description Summary

The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts.
+ Time of Introduction
  • Architecture and Design
+ Applicable Platforms

Languages

All

+ Common Consequences
ScopeEffect
Confidentiality
Access Control

Technical Impact: Gain privileges / assume identity

User's passwords may be revealed.

Access Control

Technical Impact: Gain privileges / assume identity

Revealed passwords may be reused elsewhere to impersonate the users in question.

+ Likelihood of Exploit

Very High

+ Demonstrative Examples

Example 1

Both of these examples verify a password by comparing it to a stored compressed version.

(Bad Code)
Example Languages: C and C++ 
int VerifyAdmin(char *password) {
if (strcmp(compress(password), compressed_password)) {
printf("Incorrect Password!\n");
return(0);
}
printf("Entering Diagnostic Mode...\n");
return(1);
}
(Bad Code)
Example Language: Java 
int VerifyAdmin(String password) {
if (passwd.Equals(compress(password), compressed_password)) {
return(0);
}
//Diagnostic Mode
return(1);
}

Because a compression algorithm is used instead of a one way hashing algorithm, an attacker can recover compressed passwords stored in the database.

+ Potential Mitigations

Phase: Architecture and Design

Use strong, non-reversible encryption to protect stored passwords.

+ Other Notes

The use of recoverable passwords significantly increases the chance that passwords will be used maliciously. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plain-text passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders.

+ Weakness Ordinalities
OrdinalityDescription
Primary
(where the weakness exists independent of other weaknesses)
+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness BaseWeakness Base522Insufficiently Protected Credentials
Development Concepts (primary)699
Research Concepts (primary)1000
PeerOfWeakness BaseWeakness Base259Use of Hard-coded Password
Research Concepts1000
PeerOfWeakness BaseWeakness Base798Use of Hard-coded Credentials
Research Concepts1000
+ Causal Nature

Explicit

+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
CLASPStoring passwords in a recoverable format
+ Maintenance Notes

The meaning of this node needs to be investigated more closely, especially with respect to what is meant by "recoverable."

+ Content History
Submissions
Submission DateSubmitterOrganizationSource
CLASPExternally Mined
Modifications
Modification DateModifierOrganizationSource
2008-09-08CWE Content TeamMITREInternal
updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities
2008-10-14CWE Content TeamMITREInternal
updated Demonstrative_Examples, Description, Maintenance_Notes, Potential_Mitigations
2010-02-16CWE Content TeamMITREInternal
updated Relationships
2011-06-01CWE Content TeamMITREInternal
updated Common_Consequences, Demonstrative_Examples
Page Last Updated: September 12, 2011