CAPEC-55

Rainbow Table Password Cracking
Likelihood of Attack: MEDIUM
Typical Severity: MEDIUM
Status: Draft
Submitted: 2014-06-23 00:00 +00:00
Last Modified: 2022-02-22 00:00 +00:00


Description

An attacker gets access to the database table where hashes of passwords are stored. They then use a rainbow table of pre-computed hash chains to attempt to look up the original password. Once the original password corresponding to the hash is obtained, the attacker uses the original password to gain access to the system.

Information

Execution Flow

1) Explore

[Determine application's/system's password policy] Determine the password policies of the target application/system.

Technique
  • Determine minimum and maximum allowed password lengths.
  • Determine format of allowed passwords (whether they are required or allowed to contain numbers, special characters, etc.).
  • Determine account lockout policy (a strict account lockout policy will block online guessing, but it has no effect on offline cracking of hashes that have already been stolen).

2) Explore

[Obtain password hashes] An attacker gets access to the database table storing hashes of passwords or potentially just discovers a hash of an individual password.

Technique
  • Obtain copy of database table or flat file containing password hashes (by breaking access controls, using SQL Injection, etc.)
  • Obtain password hashes from platform-specific storage locations (e.g. Windows registry)
  • Sniff network packets containing password hashes.

3) Exploit

[Run rainbow table-based password cracking tool] An attacker finds or writes a password cracking tool that uses a previously computed rainbow table for the right hashing algorithm. It helps if the attacker knows what hashing algorithm was used by the password system.

Technique
  • Run a rainbow table-based password cracking tool such as Ophcrack or RainbowCrack. The table's reduction function must map hashes back into the target's password space, so the table must be built to match the character set and length limits learned from the application's/system's password policy.

Prerequisites

Hash of the original password is available to the attacker. For a better chance of success, an attacker should have more than one hash of the original password, and ideally the whole table.
Salt was not used to create the hash of the original password. Otherwise the rainbow tables would have to be re-computed for every distinct salt value, which is prohibitively expensive and makes the attack effectively infeasible (especially if the salted hash is also iterated many times, as in PBKDF2, bcrypt or scrypt).
The system uses one factor password based authentication.
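The lookup described in the execution flow above, together with the salt prerequisite, as an added worked example that is not part of the CAPEC entry: a toy rainbow table over 4-letter lowercase passwords hashed with unsalted MD5. The chain length, chain count, the position-dependent reduction function, the stored table layout and the salt value used at the end are all constructed for this illustration and are not taken from any real tool.

```python
import hashlib
import random
import string

ALPHABET = string.ascii_lowercase
PASSWORD_LEN = 4
SPACE = len(ALPHABET) ** PASSWORD_LEN   # 456,976 candidate passwords
CHAIN_LEN = 50                          # constructed parameters for the demo
NUM_CHAINS = 2000


def hash_password(pw: str) -> bytes:
    """Unsalted, single-round MD5: the kind of scheme rainbow tables target."""
    return hashlib.md5(pw.encode()).digest()


def index_to_password(idx: int) -> str:
    """Map an integer in [0, SPACE) to a 4-letter lowercase password."""
    chars = []
    for _ in range(PASSWORD_LEN):
        idx, r = divmod(idx, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)


def reduce_hash(h: bytes, position: int) -> str:
    """Position-dependent reduction function: maps a hash back into the
    password space. Varying it by chain position is what makes this a
    rainbow table rather than a plain Hellman table (fewer chain merges)."""
    n = int.from_bytes(h[:8], "big")
    return index_to_password((n + position) % SPACE)


def build_table(num_chains: int = NUM_CHAINS, chain_len: int = CHAIN_LEN, seed: int = 0) -> dict:
    """Precompute chains; only (endpoint -> start point) pairs are stored."""
    rng = random.Random(seed)
    table = {}
    for _ in range(num_chains):
        start = index_to_password(rng.randrange(SPACE))
        pw = start
        for pos in range(chain_len):
            pw = reduce_hash(hash_password(pw), pos)
        table.setdefault(pw, start)   # merged chains keep the first start point
    return table


def lookup(table: dict, target: bytes, chain_len: int = CHAIN_LEN):
    """Try every position the target could occupy in a chain, walk to the
    chain end, and on an endpoint hit regenerate the chain from its start
    to confirm the candidate (false alarms from merged chains are rejected)."""
    for pos in range(chain_len - 1, -1, -1):
        pw = reduce_hash(target, pos)
        for p in range(pos + 1, chain_len):
            pw = reduce_hash(hash_password(pw), p)
        start = table.get(pw)
        if start is None:
            continue
        pw = start
        for p in range(chain_len):
            if hash_password(pw) == target:
                return pw
            pw = reduce_hash(hash_password(pw), p)
    return None


def known_covered_password(table: dict, position: int = 17) -> str:
    """Walk `position` steps from a stored start point so the demo has a
    password that is guaranteed to be covered by the table."""
    pw = next(iter(table.values()))
    for p in range(position):
        pw = reduce_hash(hash_password(pw), p)
    return pw


def demo():
    table = build_table()
    pw = known_covered_password(table)
    recovered = lookup(table, hash_password(pw))          # found: unsalted
    salt = b"\x9f\x3a\x11\x7c"                              # constructed per-user salt
    salted = hashlib.md5(salt + pw.encode()).digest()
    not_found = lookup(table, salted)                      # None: table built without salt
    return pw, recovered, not_found


if __name__ == "__main__":
    print(demo())
```

The salted lookup fails because every chain in the table was generated from unsalted hashes; the attacker would need a fresh table for each salt value, which is the point of the salt prerequisite above. Coverage of a real table is probabilistic (here roughly 20% of the space before merges), so a random password may or may not be found; the demo picks a covered one to keep the result deterministic.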

Skills Required

A variety of password cracking tools are available that can leverage a rainbow table. The more difficult part is to obtain the password hash(es) in the first place.

Resources Required

Rainbow table of password hash chains with the right algorithm used. A password cracking tool that leverages this rainbow table will also be required. Hash(es) of the password is required.

Mitigations

Use a unique, random, per-user salt when computing password hashes. That is, concatenate the salt (random bits) with the original password prior to hashing it, and store the salt alongside the hash. Combine the salt with a deliberately slow password hashing function (bcrypt, scrypt, Argon2, or PBKDF2 with a high iteration count) so that even a targeted brute-force attack on one hash is expensive (see CWE-916 below).
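The mitigation above as an added example, not code from the CAPEC entry: a salted, iterated password store built on the standard library's PBKDF2-HMAC-SHA256 with a per-user random salt and constant-time comparison. The record format (`pbkdf2_sha256$iterations$salt$hash`) and the iteration count are choices made for this illustration; Argon2 or bcrypt via a third-party library would be the usual production choice.

```python
import hashlib
import hmac
import os

ALGORITHM = "sha256"
ITERATIONS = 600_000   # OWASP's current minimum recommendation for PBKDF2-HMAC-SHA256
SALT_BYTES = 16


def hash_for_storage(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: scheme, iteration count, salt and
    derived key. The random salt makes precomputed tables useless because
    every user's hash lives in a different hash space."""
    salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac(ALGORITHM, password.encode(), salt, iterations)
    return f"pbkdf2_{ALGORITHM}${iterations}${salt.hex()}${dk.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute the derived key from the stored salt and parameters and
    compare in constant time; malformed records are rejected, not raised."""
    try:
        scheme, iterations, salt_hex, dk_hex = record.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        iterations = int(iterations)
    except ValueError:
        return False
    if scheme != f"pbkdf2_{ALGORITHM}" or iterations < 1:
        return False
    dk = hashlib.pbkdf2_hmac(ALGORITHM, password.encode(), salt, iterations, dklen=len(expected))
    return hmac.compare_digest(dk, expected)


def needs_rehash(record: str, minimum_iterations: int = ITERATIONS) -> bool:
    """Flag records whose stored iteration count has fallen below policy so
    they can be upgraded transparently at the user's next successful login."""
    try:
        scheme, iterations, _salt, _dk = record.split("$")
        return scheme != f"pbkdf2_{ALGORITHM}" or int(iterations) < minimum_iterations
    except ValueError:
        return True


if __name__ == "__main__":
    # Two users choosing the same password (constructed input) get unrelated records.
    a = hash_for_storage("correct horse battery staple")
    b = hash_for_storage("correct horse battery staple")
    print(a != b, verify("correct horse battery staple", a), verify("wrong", b))
```

Because the salt is random per record, two users with the same password produce different stored hashes, so a stolen table cannot be attacked with one precomputed rainbow table, and the iteration count makes each per-hash guess orders of magnitude slower than a single MD5 or SHA-1 call.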

Related Weaknesses

CWE-ID Weakness Name
CWE-261 Weak Encoding for Password
Obscuring a password with a trivial encoding does not protect the password.
CWE-521 Weak Password Requirements
The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.
CWE-262 Not Using Password Aging
The product does not have a mechanism in place for managing password aging.
CWE-263 Password Aging with Long Expiration
The product supports password aging, but the expiration period is too long.
CWE-654 Reliance on a Single Factor in a Security Decision
A protection mechanism relies exclusively, or to a large extent, on the evaluation of a single condition or the integrity of a single object or entity in order to make a decision about granting access to restricted resources or functionality.
CWE-916 Use of Password Hash With Insufficient Computational Effort
The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.
CWE-308 Use of Single-factor Authentication
The use of single-factor authentication can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme.
CWE-309 Use of Password System for Primary Authentication
The use of password systems as the primary means of authentication may be subject to several flaws or shortcomings, each reducing the effectiveness of the mechanism.

Submission

Name Organization Date Date Release
CAPEC Content Team The MITRE Corporation 2014-06-23 +00:00

Modifications

Name Organization Date Comment
CAPEC Content Team The MITRE Corporation 2019-04-04 +00:00 Updated Related_Weaknesses
CAPEC Content Team The MITRE Corporation 2020-07-30 +00:00 Updated Description, Related_Attack_Patterns, Related_Weaknesses, Taxonomy_Mappings
CAPEC Content Team The MITRE Corporation 2020-12-17 +00:00 Updated @Abstraction, Related_Attack_Patterns
CAPEC Content Team The MITRE Corporation 2021-06-24 +00:00 Updated Related_Weaknesses
CAPEC Content Team The MITRE Corporation 2022-02-22 +00:00 Updated Description, Extended_Description