CAPEC-55 Detail

CAPEC-55

Name

Rainbow Table Password Cracking

Likihood attacks

Medium

Typical Severity

Medium

Status

Draft

Published

2014-06-23
00h00 +00:00

Modified

2022-02-22
00h00 +00:00

Official links

CAPEC Mitre.org

Alerte pour un CAPEC

Stay informed of any changes for a specific CAPEC.

Notifications manage

List of Notifications

Alerte pour un CAPEC

Stay informed of any changes for a specific CAPEC.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

Specify the CAPEC ID you wish to monitor.

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

Descriptions CAPEC

An attacker gets access to the database table where hashes of passwords are stored. They then use a rainbow table of pre-computed hash chains to attempt to look up the original password. Once the original password corresponding to the hash is obtained, the attacker uses the original password to gain access to the system.

Informations CAPEC

Execution Flow

1) Explore

[Determine application's/system's password policy] Determine the password policies of the target application/system.

Technique

Determine minimum and maximum allowed password lengths.
Determine format of allowed passwords (whether they are required or allowed to contain numbers, special characters, etc.).
Determine account lockout policy (a strict account lockout policy will prevent brute force attacks).

2) Explore

[Obtain password hashes] An attacker gets access to the database table storing hashes of passwords or potentially just discovers a hash of an individual password.

Technique

Obtain copy of database table or flat file containing password hashes (by breaking access controls, using SQL Injection, etc.)
Obtain password hashes from platform-specific storage locations (e.g. Windows registry)
Sniff network packets containing password hashes.

3) Exploit

[Run rainbow table-based password cracking tool] An attacker finds or writes a password cracking tool that uses a previously computed rainbow table for the right hashing algorithm. It helps if the attacker knows what hashing algorithm was used by the password system.

Technique

Run rainbow table-based password cracking tool such as Ophcrack or RainbowCrack. Reduction function must depend on application's/system's password policy.

Prerequisites

Hash of the original password is available to the attacker. For a better chance of success, an attacker should have more than one hash of the original password, and ideally the whole table.
Salt was not used to create the hash of the original password. Otherwise the rainbow tables have to be re-computed, which is very expensive and will make the attack effectively infeasible (especially if salt was added in iterations).
The system uses one factor password based authentication.

Skills Required

A variety of password cracking tools are available that can leverage a rainbow table. The more difficult part is to obtain the password hash(es) in the first place.

Resources Required

Rainbow table of password hash chains with the right algorithm used. A password cracking tool that leverages this rainbow table will also be required. Hash(es) of the password is required.

Mitigations

Use salt when computing password hashes. That is, concatenate the salt (random bits) with the original password prior to hashing it.

Related Weaknesses

CWE-ID	Weakness Name
CWE-261	Weak Encoding for Password Obscuring a password with a trivial encoding does not protect the password.
CWE-521	Weak Password Requirements The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.
CWE-262	Not Using Password Aging The product does not have a mechanism in place for managing password aging.
CWE-263	Password Aging with Long Expiration The product supports password aging, but the expiration period is too long.
CWE-654	Reliance on a Single Factor in a Security Decision A protection mechanism relies exclusively, or to a large extent, on the evaluation of a single condition or the integrity of a single object or entity in order to make a decision about granting access to restricted resources or functionality.
CWE-916	Use of Password Hash With Insufficient Computational Effort The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.
CWE-308	Use of Single-factor Authentication The use of single-factor authentication can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme.
CWE-309	Use of Password System for Primary Authentication The use of password systems as the primary means of authentication may be subject to several flaws or shortcomings, each reducing the effectiveness of the mechanism.

Submission

Name	Organization	Date	Date release
CAPEC Content Team	The MITRE Corporation	2014-06-23 +00:00

Modifications

Name	Organization	Date	Comment
CAPEC Content Team	The MITRE Corporation	2019-04-04 +00:00	Updated Related_Weaknesses
CAPEC Content Team	The MITRE Corporation	2020-07-30 +00:00	Updated Description, Related_Attack_Patterns, Related_Weaknesses, Taxonomy_Mappings
CAPEC Content Team	The MITRE Corporation	2020-12-17 +00:00	Updated @Abstraction, Related_Attack_Patterns
CAPEC Content Team	The MITRE Corporation	2021-06-24 +00:00	Updated Related_Weaknesses
CAPEC Content Team	The MITRE Corporation	2022-02-22 +00:00	Updated Description, Extended_Description