CWE-836: Use of Password Hash Instead of Password for Authentication
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The product records password hashes in a data store, receives a hash of a password from a client, and compares the supplied hash to the hash obtained from the data store.
常见后果
影响范围: Access Control
技术影响: Bypass Protection Mechanism Gain Privileges or Assume Identity
说明: An attacker could bypass the authentication routine without knowing the original password.
观察示例
参考: CVE-2009-1283
Product performs authentication with user-supplied password hashes that can be obtained from a separate SQL injection vulnerability (CVE-2009-1282).
参考: CVE-2005-3435
Product allows attackers to bypass authentication by obtaining the password hash for another user and specifying the hash in the pwd argument.
引入模式
| 阶段 | 说明 |
|---|---|
| Implementation | REALIZATION: This weakness is caused during implementation of an architectural security tactic. |