界: Security Features
軟體安全性並非安全性軟體。我們關注驗證、Access Control、保密性、加密以及權限管理之類的主題。
Weak Cryptographic Hash: User-Controlled Seed
Abstract
不應使用使用者輸入種子值呼叫產生加密式雜湊的方法。
Explanation
低等的加密式雜湊:使用者控制的種子問題會在以下情況中發生:
1.資料透過一個不可信賴的來源進入程式。
2.使用者控制的資料包含在種子演算,或全部用作加密式雜湊函數內的種子。
如同許多軟體的安全性弱點一樣,低等的加密式雜湊:使用者控制的種子是達到目的的一種手段,而不是一個目的。此弱點的基礎很簡單:攻擊者將惡意資料傳送至應用程式,然後將該資料用作加密式雜湊函數中種子的全部或一部分。
使用者控制的種子可以啟用各種攻擊:
1.攻擊者可能使用此弱點為要雜湊的資料指定空種子。攻擊者可使用大量不同的雜湊演算法來快速雜湊要雜湊的資料,進而洩露有關應用程式內使用的雜湊實作的資訊。透過限制使用特定版本的雜湊,這會更輕鬆地「破解」其他資料值。
2.如果攻擊者可操縱其他使用者的種子,或誘騙其他使用者使用空種子,則攻擊者可計算應用程式的「彩虹表」並且輕鬆地判斷雜湊值。
範例 1:以下程式碼使用使用者控制的種子來進行密碼雜湊:
1.資料透過一個不可信賴的來源進入程式。
2.使用者控制的資料包含在種子演算,或全部用作加密式雜湊函數內的種子。
如同許多軟體的安全性弱點一樣,低等的加密式雜湊:使用者控制的種子是達到目的的一種手段,而不是一個目的。此弱點的基礎很簡單:攻擊者將惡意資料傳送至應用程式,然後將該資料用作加密式雜湊函數中種子的全部或一部分。
使用者控制的種子可以啟用各種攻擊:
1.攻擊者可能使用此弱點為要雜湊的資料指定空種子。攻擊者可使用大量不同的雜湊演算法來快速雜湊要雜湊的資料,進而洩露有關應用程式內使用的雜湊實作的資訊。透過限制使用特定版本的雜湊,這會更輕鬆地「破解」其他資料值。
2.如果攻擊者可操縱其他使用者的種子,或誘騙其他使用者使用空種子,則攻擊者可計算應用程式的「彩虹表」並且輕鬆地判斷雜湊值。
範例 1:以下程式碼使用使用者控制的種子來進行密碼雜湊:
...
String seed = prop.getProperty("seed");
Hashing.murmur3_32_fixed(Integer.parseInt(seed)).hashString("foo", StandardCharsets.UTF_8);
...
Example 1 中的程式碼將成功執行,但可取得此功能的任何人均能夠透過修改屬性 seed 操縱用於雜湊密碼的種子。程式發佈後,就很難復原與使用者控制的種子相關的問題,因為您可能沒有辦法瞭解密碼雜湊是否有由惡意使用者決定的種子。References
[1] Standards Mapping - Common Weakness Enumeration CWE ID 328, CWE ID 760
[2] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-002450
[3] Standards Mapping - FIPS200 MP
[4] Standards Mapping - General Data Protection Regulation (GDPR) Insufficient Data Protection
[5] Standards Mapping - NIST Special Publication 800-53 Revision 4 AU-10 Non-Repudiation (P2), SC-13 Cryptographic Protection (P1)
[6] Standards Mapping - NIST Special Publication 800-53 Revision 5 AU-10 Non-Repudiation, SC-13 Cryptographic Protection
[7] Standards Mapping - OWASP Application Security Verification Standard 4.0 2.4.1 Credential Storage Requirements (L2 L3), 2.4.2 Credential Storage Requirements (L2 L3), 2.4.5 Credential Storage Requirements (L2 L3), 2.6.3 Look-up Secret Verifier Requirements (L2 L3), 2.8.3 Single or Multi Factor One Time Verifier Requirements (L2 L3), 2.9.3 Cryptographic Software and Devices Verifier Requirements (L2 L3), 6.2.1 Algorithms (L1 L2 L3), 6.2.2 Algorithms (L2 L3), 6.2.3 Algorithms (L2 L3), 6.2.4 Algorithms (L2 L3), 6.2.5 Algorithms (L2 L3), 6.2.6 Algorithms (L2 L3), 6.2.7 Algorithms (L3), 8.3.7 Sensitive Private Data (L2 L3), 9.1.2 Communications Security Requirements (L1 L2 L3), 9.1.3 Communications Security Requirements (L1 L2 L3)
[8] Standards Mapping - OWASP Mobile 2014 M6 Broken Cryptography
[9] Standards Mapping - OWASP Mobile 2024 M10 Insufficient Cryptography
[10] Standards Mapping - OWASP Mobile Application Security Verification Standard 2.0 MASVS-CRYPTO-1
[11] Standards Mapping - OWASP Top 10 2004 A8 Insecure Storage
[12] Standards Mapping - OWASP Top 10 2007 A8 Insecure Cryptographic Storage
[13] Standards Mapping - OWASP Top 10 2010 A7 Insecure Cryptographic Storage
[14] Standards Mapping - OWASP Top 10 2013 A6 Sensitive Data Exposure
[15] Standards Mapping - OWASP Top 10 2017 A3 Sensitive Data Exposure
[16] Standards Mapping - OWASP Top 10 2021 A02 Cryptographic Failures
[17] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 Requirement 6.5.8
[18] Standards Mapping - Payment Card Industry Data Security Standard Version 1.2 Requirement 6.3.1.3, Requirement 6.5.8
[19] Standards Mapping - Payment Card Industry Data Security Standard Version 2.0 Requirement 6.5.3
[20] Standards Mapping - Payment Card Industry Data Security Standard Version 3.0 Requirement 6.5.3
[21] Standards Mapping - Payment Card Industry Data Security Standard Version 3.1 Requirement 6.5.3
[22] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2 Requirement 6.5.3
[23] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1 Requirement 6.5.3
[24] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0 Requirement 6.2.4
[25] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0.1 Requirement 3.3.2, Requirement 3.3.3, Requirement 3.5.1, Requirement 6.2.4
[26] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 7.1 - Use of Cryptography, Control Objective 7.4 - Use of Cryptography
[27] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 7.1 - Use of Cryptography, Control Objective 7.4 - Use of Cryptography, Control Objective B.2.3 - Terminal Software Design
[28] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 7.1 - Use of Cryptography, Control Objective 7.4 - Use of Cryptography, Control Objective B.2.3 - Terminal Software Design
[29] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP3150.1 CAT II
[30] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP3150.1 CAT II
[31] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP3150.1 CAT II
[32] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP3150.1 CAT II
[33] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP3150.1 CAT II
[34] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP3150.1 CAT II
[35] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP3150.1 CAT II
[36] Standards Mapping - Security Technical Implementation Guide Version 4.2 APSC-DV-002010 CAT II, APSC-DV-002020 CAT II, APSC-DV-002030 CAT II
[37] Standards Mapping - Security Technical Implementation Guide Version 4.3 APSC-DV-002010 CAT II, APSC-DV-002020 CAT II, APSC-DV-002030 CAT II
[38] Standards Mapping - Security Technical Implementation Guide Version 4.4 APSC-DV-002010 CAT II, APSC-DV-002020 CAT II, APSC-DV-002030 CAT II
[39] Standards Mapping - Security Technical Implementation Guide Version 4.5 APSC-DV-002010 CAT II, APSC-DV-002020 CAT II, APSC-DV-002030 CAT II
[40] Standards Mapping - Security Technical Implementation Guide Version 4.6 APSC-DV-002010 CAT II, APSC-DV-002020 CAT II, APSC-DV-002030 CAT II
[41] Standards Mapping - Security Technical Implementation Guide Version 4.7 APSC-DV-002010 CAT II, APSC-DV-002020 CAT II, APSC-DV-002030 CAT II
[42] Standards Mapping - Security Technical Implementation Guide Version 4.8 APSC-DV-002010 CAT II, APSC-DV-002020 CAT II, APSC-DV-002030 CAT II
[43] Standards Mapping - Security Technical Implementation Guide Version 4.9 APSC-DV-002010 CAT II, APSC-DV-002020 CAT II, APSC-DV-002030 CAT II
[44] Standards Mapping - Security Technical Implementation Guide Version 4.10 APSC-DV-002010 CAT II, APSC-DV-002020 CAT II, APSC-DV-002030 CAT II
[45] Standards Mapping - Security Technical Implementation Guide Version 4.11 APSC-DV-002010 CAT II, APSC-DV-002020 CAT II, APSC-DV-002030 CAT II
[46] Standards Mapping - Security Technical Implementation Guide Version 4.1 APSC-DV-002010 CAT II, APSC-DV-002020 CAT II, APSC-DV-002030 CAT II
[47] Standards Mapping - Security Technical Implementation Guide Version 5.1 APSC-DV-002010 CAT II, APSC-DV-002020 CAT II, APSC-DV-002030 CAT II
[48] Standards Mapping - Security Technical Implementation Guide Version 5.2 APSC-DV-002010 CAT II, APSC-DV-002020 CAT II, APSC-DV-002030 CAT II
[49] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-000590 CAT II, APSC-DV-002010 CAT II, APSC-DV-002020 CAT II, APSC-DV-002030 CAT II
[50] Standards Mapping - Security Technical Implementation Guide Version 6.1 APSC-DV-000590 CAT II, APSC-DV-002010 CAT II, APSC-DV-002020 CAT II, APSC-DV-002030 CAT II
desc.dataflow.java.weak_encryption_user_controlled.seed