Insecurely generated token
Description
It is possible to crack the token's hash and obtain the information it is masking because it is not generated using a secure cryptographic mechanism.
Impact
Reuse session tokens after 14 days created.
Recommendation
Generate a token with random components without sensitive information.
Threat
Anonymous attacker from the Internet with access to the hash.
Expected Remediation Time
⌚ 60 minutes.
Score
Default score using CVSS 3.1. It may change depending on the context of the vulnerability.
Base
- Attack vector: N
- Attack complexity: H
- Privileges required: N
- User interaction: N
- Scope: U
- Confidentiality: L
- Integrity: L
- Availability: N
Temporal
- Exploit code madurity: P
- Remediation level: X
- Report confidence: R
Result
- Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:X/RC:R
- Score:
- Base: 4.8
- Temporal: 4.4
- Severity:
- Base: Medium
- Temporal: Medium
Code Examples
Compliant code
Secure and modern hashing algorithms are used by the application
function hashPassword(password) {
this.salt = crypto.randomBytes(256).toString('hex');
this.hash = crypto.pbkdf2Sync(password, this.salt, 1000, 64, `sha512`).toString(`hex`);
return
}
Non compliant code
An insecure hashing algorithm is used to create the token hash
function hashPassword(password) {
const md5sum = crypto.createHash('md5');
const res = md5sum.update(password);
return res;
}