According to SOAR [REF-1479], the following detection techniques may be useful: ``` Cost effective for partial coverage: ``` Bytecode Weakness Analysis - including disassembler + source code weakness analysis Binary Weakness Analysis - including disassembler + source code weakness analysis
CWE-916 Base Incompleto
Use of Password Hash With Insufficient Computational Effort
This vulnerability occurs when a system protects passwords by hashing them, but uses a hashing algorithm that is too fast or computationally cheap. This makes it easy for attackers to crack the…
Definición
What is CWE-916?
This vulnerability occurs when a system protects passwords by hashing them, but uses a hashing algorithm that is too fast or computationally cheap. This makes it easy for attackers to crack the stored password hashes using brute-force methods.
Storing password hashes instead of plaintext passwords is a fundamental security practice, but not all hashes are created equal. Fast, efficient cryptographic hashes like MD5 or SHA-1 are designed for speed, which becomes a major weakness for password storage. If an attacker steals these hashes (e.g., via a database breach), they can use powerful, parallel computing (like GPUs or cloud clusters) to test billions of password guesses per second, rapidly recovering user credentials. To resist these attacks, a password hashing scheme must be deliberately slow, memory-intensive, and include a unique salt for each password.
Effective password hashing requires a combination of computational cost (key stretching), memory-hard operations, and salting to significantly slow down an attacker's offline cracking attempts. While SAST tools can detect the use of weak hash functions, Plexicus uses AI to analyze your codebase for these patterns and provides automated, context-aware remediation guidance, helping you upgrade to robust algorithms like Argon2, bcrypt, or scrypt efficiently. This shifts the security balance, making cracking attempts prohibitively expensive and time-consuming for attackers.
Impacto en el mundo real
Real-world CVEs caused by CWE-916
-
Router does not use a salt with a hash, making it easier to crack passwords.
-
Router does not use a salt with a hash, making it easier to crack passwords.
-
Blogging software uses a hard-coded salt when calculating a password hash.
-
Database server uses the username for a salt when encrypting passwords, simplifying brute force attacks.
-
Server uses a constant salt when encrypting passwords, simplifying brute force attacks.
-
chain: product generates predictable MD5 hashes using a constant value combined with username, allowing authentication bypass.
Cómo lo explotan los atacantes
Ruta del atacante paso a paso
- 1
In this example, a new user provides a new username and password to create an account. The program hashes the new user's password then stores it in a database.
- 2
While it is good to avoid storing a cleartext password, the program does not provide a salt to the hashing function, thus increasing the chances of an attacker being able to reverse the hash and discover the original password if the database is compromised.
- 3
Fixing this is as simple as providing a salt to the hashing function on initialization:
- 4
Note that regardless of the usage of a salt, the md5 hash is no longer considered secure, so this example still exhibits CWE-327.
Ejemplo de código vulnerable
Vulnerable Python
In this example, a new user provides a new username and password to create an account. The program hashes the new user's password then stores it in a database.
def storePassword(userName,Password):
hasher = hashlib.new('md5')
hasher.update(Password)
hashedPassword = hasher.digest()
```
# UpdateUserLogin returns True on success, False otherwise*
return updateUserLogin(userName,hashedPassword) Ejemplo de código seguro
Secure Python
Fixing this is as simple as providing a salt to the hashing function on initialization:
def storePassword(userName,Password):
hasher = hashlib.new('md5',b'SaltGoesHere')
hasher.update(Password)
hashedPassword = hasher.digest()
```
# UpdateUserLogin returns True on success, False otherwise*
return updateUserLogin(userName,hashedPassword) What changed: the unsafe sink is replaced (or the input is validated/escaped) so the same payload no longer triggers the weakness.
Lista de prevención
How to prevent CWE-916
- Architecture and Design Use an adaptive hash function that can be configured to change the amount of computational effort needed to compute the hash, such as the number of iterations ("stretching") or the amount of memory required. Some hash functions perform salting automatically. These functions can significantly increase the overhead for a brute force attack compared to intentionally-fast functions such as MD5. For example, rainbow table attacks can become infeasible due to the high computing overhead. Finally, since computing power gets faster and cheaper over time, the technique can be reconfigured to increase the workload without forcing an entire replacement of the algorithm in use. Some hash functions that have one or more of these desired properties include bcrypt [REF-291], scrypt [REF-292], and PBKDF2 [REF-293]. While there is active debate about which of these is the most effective, they are all stronger than using salts with hash functions with very little computing overhead. Note that using these functions can have an impact on performance, so they require special consideration to avoid denial-of-service attacks. However, their configurability provides finer control over how much CPU and memory is used, so it could be adjusted to suit the environment's needs.
- Implementation / Architecture and Design When using industry-approved techniques, use them correctly. Don't cut corners by skipping resource-intensive steps (CWE-325). These steps are often essential for preventing common attacks.
Señales de detección
How to detect CWE-916
According to SOAR [REF-1479], the following detection techniques may be useful: ``` Cost effective for partial coverage: ``` Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies
According to SOAR [REF-1479], the following detection techniques may be useful: ``` Highly cost effective: ``` Focused Manual Spotcheck - Focused manual analysis of source Manual Source Code Review (not inspections)
According to SOAR [REF-1479], the following detection techniques may be useful: ``` Highly cost effective: ``` Source code Weakness Analyzer Context-configured Source Code Weakness Analyzer
According to SOAR [REF-1479], the following detection techniques may be useful: ``` Cost effective for partial coverage: ``` Configuration Checker
According to SOAR [REF-1479], the following detection techniques may be useful: ``` Highly cost effective: ``` Formal Methods / Correct-By-Construction ``` Cost effective for partial coverage: ``` Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)
Plexicus detecta automáticamente CWE-916 y abre un PR de corrección en menos de 60 segundos.
Codex Remedium escanea cada commit, identifica esta debilidad concreta y entrega un pull request listo para revisión con el parche. Sin tickets. Sin traspasos.
Preguntas frecuentes ¿Qué es CWE-916?
¿Qué gravedad tiene CWE-916?
¿Qué lenguajes o plataformas se ven afectados por CWE-916?
¿Cómo puedo prevenir CWE-916?
¿Cómo detecta y corrige Plexicus CWE-916?
¿Dónde puedo aprender más sobre CWE-916?
Frequently asked questions
¿Qué es CWE-916?
This vulnerability occurs when a system protects passwords by hashing them, but uses a hashing algorithm that is too fast or computationally cheap. This makes it easy for attackers to crack the stored password hashes using brute-force methods.
¿Qué gravedad tiene CWE-916?
MITRE no ha publicado una calificación de probabilidad de explotación para esta debilidad. Trátala como de impacto medio hasta que tu modelo de amenazas demuestre lo contrario.
¿Qué lenguajes o plataformas se ven afectados por CWE-916?
MITRE no ha especificado plataformas afectadas para esta CWE — puede aplicar a la mayoría de los stacks de aplicaciones.
¿Cómo puedo prevenir CWE-916?
Use an adaptive hash function that can be configured to change the amount of computational effort needed to compute the hash, such as the number of iterations ("stretching") or the amount of memory required. Some hash functions perform salting automatically. These functions can significantly increase the overhead for a brute force attack compared to intentionally-fast functions such as MD5. For example, rainbow table attacks can become infeasible due to the high computing overhead. Finally,…
¿Cómo detecta y corrige Plexicus CWE-916?
El motor SAST de Plexicus detecta la firma de flujo de datos para CWE-916 en cada commit. Cuando hay coincidencia, nuestro agente Codex Remedium abre un PR de corrección con el código corregido, las pruebas y un resumen de una línea para el revisor.
¿Dónde puedo aprender más sobre CWE-916?
MITRE publica la definición canónica en https://cwe.mitre.org/data/definitions/916.html. También puedes consultar la documentación de OWASP y NIST para guías relacionadas.
Debilidades relacionadas
Weaknesses related to CWE-916
CWE-328 Padre
Use of Weak Hash
This vulnerability occurs when software uses a hashing algorithm that is cryptographically weak, allowing attackers to feasibly reverse…
CWE-759 Hijo
Use of a One-Way Hash without a Salt
This vulnerability occurs when a system uses a one-way hash function (like MD5 or SHA-256) to protect sensitive data like passwords, but…
CWE-760 Hijo
Use of a One-Way Hash with a Predictable Salt
This vulnerability occurs when an application uses a one-way hash (like for password storage) but combines it with a predictable or easily…
Recursos
Further reading
- MITRE — CWE-916 oficial https://cwe.mitre.org/data/definitions/916.html
- bcrypt https://bcrypt.sourceforge.net/
- Tarsnap - The scrypt key derivation function and encryption utility http://www.tarsnap.com/scrypt.html
- RFC2898 - PKCS #5: Password-Based Cryptography Specification Version 2.0 https://www.rfc-editor.org/rfc/rfc2898
- How To Safely Store A Password https://codahale.com/how-to-safely-store-a-password/
- How Companies Can Beef Up Password Security (interview with Thomas H. Ptacek) https://krebsonsecurity.com/2012/06/how-companies-can-beef-up-password-security/
- Password security: past, present, future https://www.openwall.com/presentations/PHDays2012-Password-Security/
Listo cuando tú lo estés
Deja de pagar por desarrollador.
Empieza a cerrar el bucle.
Plexicus es el ASPM nativo de IA que escanea, filtra, corrige, pentestea y explica — de forma autónoma. Desarrolladores ilimitados, repos ilimitados, acciones de IA de uso justo. Nivel gratuito real, €269/mo anual cuando estés listo.