目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

CWE-759 使用未加Salt的单向哈希算法 类漏洞列表 9

CWE-759 使用未加Salt的单向哈希算法 类弱点 9 条 CVE 漏洞汇总,含 AI 中文分析。

CWE-759 属于密码学实现缺陷,指在哈希单向数据(如密码)时未使用盐值。攻击者常利用彩虹表等字典攻击技术,通过预计算快速反推明文,从而窃取凭证。开发者应避免此风险,在哈希计算前引入随机盐值,确保相同明文生成不同哈希,有效抵御预计算攻击,提升存储数据的安全性。

MITRE CWE 官方描述
CWE:CWE-759 使用无盐(Salt)的单向哈希(Hash) 产品对不应可逆的输入(如密码)使用单向加密哈希(Hash),但未在输入中同时使用盐(Salt)。 这使得攻击者更容易使用字典攻击技术(如彩虹表(Rainbow Tables))预先计算哈希值。需要注意的是,尽管存在普遍看法,但在使用哈希时添加良好的盐(Salt)并不足以显著增加针对单个密码的攻击成本,也不足以增加拥有大量计算资源(如基于云的服务或专用廉价硬件)的攻击者的攻击成本。如果哈希函数计算成本不高,离线密码破解仍然可能有效;许多加密函数旨在高效运行,即使哈希本身在密码学上是强健的,也可能因遭受使用大规模计算资源的攻击而存在漏洞。与其他策略(如自适应哈希函数)相比,使用盐(Salt)仅略微增加了攻击者的计算需求。有关更多详细信息,请参阅 CWE-916。
常见影响 (1)
Access ControlBypass Protection Mechanism, Gain Privileges or Assume Identity
If an attacker can gain access to the hashes, then the lack of a salt makes it easier to conduct brute force attacks using techniques such as rainbow tables.
缓解措施 (3)
Architecture and DesignUse an adaptive hash function that can be configured to change the amount of computational effort needed to compute the hash, such as the number of iterations ("stretching") or the amount of memory required. Some hash functions perform salting automatically. These functions can significantly increase the overhead for a brute force attack compared to intentionally-fast functions such as MD5. For ex…
Effectiveness: High
Architecture and DesignIf a technique that requires extra computational effort can not be implemented, then for each password that is processed, generate a new random salt using a strong random number generator with unpredictable seeds. Add the salt to the plaintext password before hashing it. When storing the hash, also store the salt. Do not use the same salt for every password.
Effectiveness: Limited
Implementation, Architecture and DesignWhen using industry-approved techniques, use them correctly. Don't cut corners by skipping resource-intensive steps (CWE-325). These steps are often essential for preventing common attacks.
代码示例 (2)
In both of these examples, a user is logged in if their given password matches a stored password:
unsigned char *check_passwd(char *plaintext) { ctext = simple_digest("sha1",plaintext,strlen(plaintext), ... ); //Login if hash matches stored hash if (equal(ctext, secret_password())) { login_user(); } }
Bad · C
String plainText = new String(plainTextIn); MessageDigest encer = MessageDigest.getInstance("SHA"); encer.update(plainTextIn); byte[] digest = password.digest(); //Login if hash matches stored hash if (equal(digest,secret_password())) { login_user(); }
Bad · Java
In this example, a new user provides a new username and password to create an account. The program hashes the new user's password then stores it in a database.
def storePassword(userName,Password): hasher = hashlib.new('md5') hasher.update(Password) hashedPassword = hasher.digest() # UpdateUserLogin returns True on success, False otherwise return updateUserLogin(userName,hashedPassword)
Bad · Python
def storePassword(userName,Password): hasher = hashlib.new('md5',b'SaltGoesHere') hasher.update(Password) hashedPassword = hasher.digest() # UpdateUserLogin returns True on success, False otherwise return updateUserLogin(userName,hashedPassword)
Good · Python
CVE ID标题CVSS风险等级Published
CVE-2025-36253 IBM Concert 安全漏洞 — Concert 5.9 Medium2026-02-02
CVE-2025-10205 ABB FLXEON 安全漏洞 — FLXEON 8.8 High2025-09-17
CVE-2025-53884 NeuVector 安全漏洞 — neuvector 5.3 Medium2025-09-17
CVE-2025-27408 Manifest 安全漏洞 — manifest 4.8 Medium2025-02-28
CVE-2023-33838 IBM Security Verify Governance 安全漏洞 — Security Verify Governance 4.4 Medium2025-01-29
CVE-2023-1430 WordPress Plugin FluentCRM- Marketing Automation 安全漏洞 — FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution 6.5 Medium2023-06-09
CVE-2020-25164 B. Braun Melsungen Ag B. Braun Melsungen AG SpaceCom 安全漏洞 — SpaceCom 6.5 Medium2022-04-14
CVE-2021-21253 OnlineVotingSystem 加密问题漏洞 — OnlineVotingSystem 5.8 Medium2021-01-21
CVE-2020-16244 APM Classic 安全漏洞 — GE Digital APM Classic 6.7 -2020-09-23

CWE-759(使用未加Salt的单向哈希算法) 是常见的弱点类别,本平台收录该类弱点关联的 9 条 CVE 漏洞。