From c6b51ce9f31abd78fe7418ba29fc96d93f14500d Mon Sep 17 00:00:00 2001 
From: Ryan Rudder <96507400+RRudder@users.noreply.github.com> Date: Tue, 15 Aug 2023 17:12:41 +1000 Subject: [PATCH] Addition of Weak Hash Sub Category and Variants MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As per the VRT update in 352 - bugcrowd/vulnerability-rating-taxonomy#352 --- .../weak_hash/guidance.md | 5 +++++ .../weak_hash/lack_of_salt/guidance.md | 5 +++++ .../weak_hash/lack_of_salt/recommendations.md | 7 ++++++ .../weak_hash/lack_of_salt/template.md | 22 +++++++++++++++++++ .../predictable_hash_collision/guidance.md | 5 +++++ .../recommendations.md | 7 ++++++ .../predictable_hash_collision/template.md | 22 +++++++++++++++++++ .../weak_hash/recommendations.md | 7 ++++++ .../weak_hash/template.md | 22 +++++++++++++++++++ .../use_of_predictable_salt/guidance.md | 5 +++++ .../recommendations.md | 7 ++++++ .../use_of_predictable_salt/template.md | 22 +++++++++++++++++++ 12 files changed, 136 insertions(+) create mode 100644 submissions/description/cryptographic_weakness/weak_hash/guidance.md create mode 100644 submissions/description/cryptographic_weakness/weak_hash/lack_of_salt/guidance.md create mode 100644 submissions/description/cryptographic_weakness/weak_hash/lack_of_salt/recommendations.md create mode 100644 submissions/description/cryptographic_weakness/weak_hash/lack_of_salt/template.md create mode 100644 submissions/description/cryptographic_weakness/weak_hash/predictable_hash_collision/guidance.md create mode 100644 submissions/description/cryptographic_weakness/weak_hash/predictable_hash_collision/recommendations.md create mode 100644 submissions/description/cryptographic_weakness/weak_hash/predictable_hash_collision/template.md create mode 100644 submissions/description/cryptographic_weakness/weak_hash/recommendations.md create mode 100644 submissions/description/cryptographic_weakness/weak_hash/template.md create mode 100644 
submissions/description/cryptographic_weakness/weak_hash/use_of_predictable_salt/guidance.md create mode 100644 submissions/description/cryptographic_weakness/weak_hash/use_of_predictable_salt/recommendations.md create mode 100644 submissions/description/cryptographic_weakness/weak_hash/use_of_predictable_salt/template.md
diff --git a/submissions/description/cryptographic_weakness/weak_hash/guidance.md b/submissions/description/cryptographic_weakness/weak_hash/guidance.md
new file mode 100644
index 00000000..eca4bf21
--- /dev/null
+++ b/submissions/description/cryptographic_weakness/weak_hash/guidance.md
@@ -0,0 +1,5 @@
+# Guidance
+
+Provide a step-by-step walkthrough with a screenshot on how you exploited the vulnerability. This will speed triage time and result in faster rewards. Please include specific details on where you identified the weak hash, how you identified it, and what actions you were able to perform as a result.
+
+Attempt to escalate the vulnerability to perform additional actions. If this is possible, provide a full Proof of Concept (PoC).
diff --git a/submissions/description/cryptographic_weakness/weak_hash/lack_of_salt/guidance.md b/submissions/description/cryptographic_weakness/weak_hash/lack_of_salt/guidance.md
new file mode 100644
index 00000000..84d42baa
--- /dev/null
+++ b/submissions/description/cryptographic_weakness/weak_hash/lack_of_salt/guidance.md
@@ -0,0 +1,5 @@
+# Guidance
+
+Provide a step-by-step walkthrough with a screenshot on how you exploited the vulnerability. This will speed triage time and result in faster rewards. Please include specific details on where you identified the lack of salt for the hash, how you identified it, and what actions you were able to perform as a result.
+
+Attempt to escalate the vulnerability to perform additional actions. If this is possible, provide a full Proof of Concept (PoC).
diff --git a/submissions/description/cryptographic_weakness/weak_hash/lack_of_salt/recommendations.md b/submissions/description/cryptographic_weakness/weak_hash/lack_of_salt/recommendations.md
new file mode 100644
index 00000000..227b5229
--- /dev/null
+++ b/submissions/description/cryptographic_weakness/weak_hash/lack_of_salt/recommendations.md
@@ -0,0 +1,7 @@
+# Recommendation(s)
+
+Implement robust entropy for the cryptographic algorithms and ensure that the algorithms, protocols, and keys in place are kept up to date. Ensure that a unique, randomly generated salt value is used prior to the computation of the hash.
+
+For more information, refer to the following resource:
+
+-
diff --git a/submissions/description/cryptographic_weakness/weak_hash/lack_of_salt/template.md b/submissions/description/cryptographic_weakness/weak_hash/lack_of_salt/template.md
new file mode 100644
index 00000000..ec70bf99
--- /dev/null
+++ b/submissions/description/cryptographic_weakness/weak_hash/lack_of_salt/template.md
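Review bot: The third line of lack_of_salt/recommendations.md stops at adding a salt, and a salted digest from a fast general-purpose hash is still cheap to guess offline, so the advice is incomplete wherever the hash protects passwords (the page does not say what is hashed). I would extend the last sentence to `Ensure that a unique salt, generated per value by a cryptographically secure random number generator, is used, and hash passwords with a dedicated password hashing function such as Argon2id, bcrypt, scrypt or PBKDF2.` The opening clause "Implement robust entropy for the cryptographic algorithms" does not tell the reader what to change and could be dropped or tied to how the salt is generated.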
@@ -0,0 +1,22 @@
+# Lack of Salt
+
+## Overview of the Vulnerability
+
+Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. It was identified that the hash does not have a salt which can allow an attacker to use rainbow table attacks.
+
+## Business Impact
+
+This vulnerability can lead to reputational damage of the company through the impact to customers’ trust, and the ability of an attacker to view data. The severity of the impact to the business is dependent on the sensitivity of the accessible data being transmitted by the application.
+
+## Steps to Reproduce
+
+1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP
+1. Setup {{software}} to intercept and log requests
+1. Use a browser to navigate to: {{URL}}
+1. {{action}} to view unencrypted requests
+
+## Proof of Concept (PoC)
+
+The screenshot below demonstrates the lack of salt:
+
+{{screenshot}}
diff --git a/submissions/description/cryptographic_weakness/weak_hash/predictable_hash_collision/guidance.md b/submissions/description/cryptographic_weakness/weak_hash/predictable_hash_collision/guidance.md
new file mode 100644
index 00000000..6447d361
--- /dev/null
+++ b/submissions/description/cryptographic_weakness/weak_hash/predictable_hash_collision/guidance.md
@@ -0,0 +1,5 @@
+# Guidance
+
+Provide a step-by-step walkthrough with a screenshot on how you exploited the vulnerability. This will speed triage time and result in faster rewards. Please include specific details on where you identified the predictable hash collision, how you identified it, and what actions you were able to perform as a result.
+
+Attempt to escalate the vulnerability to perform additional actions. If this is possible, provide a full Proof of Concept (PoC).
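Review bot: Step 4 of "Steps to Reproduce" in lack_of_salt/template.md, `1. {{action}} to view unencrypted requests`, describes cleartext traffic, not a hash, so a report built on it would not record where the hash was observed or how the missing salt was confirmed. Something like `1. {{action}} to obtain the hash value and show that identical inputs produce identical hashes` fits this variant. The same step is repeated in the predictable_hash_collision, weak_hash and use_of_predictable_salt templates, and the Business Impact paragraph in all four speaks of data "being transmitted" where a hashing finding usually concerns stored values; each needs wording for its own variant.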
diff --git a/submissions/description/cryptographic_weakness/weak_hash/predictable_hash_collision/recommendations.md b/submissions/description/cryptographic_weakness/weak_hash/predictable_hash_collision/recommendations.md
new file mode 100644
index 00000000..2c04e413
--- /dev/null
+++ b/submissions/description/cryptographic_weakness/weak_hash/predictable_hash_collision/recommendations.md
@@ -0,0 +1,7 @@
+# Recommendation(s)
+
+Implement robust entropy for the cryptographic algorithms and ensure that the algorithms, protocols, and keys in place are kept up to date. Ensure the use of only vetted and unbroken hashing algorithms.
+
+For more information, refer to the following resource:
+
+-
diff --git a/submissions/description/cryptographic_weakness/weak_hash/predictable_hash_collision/template.md b/submissions/description/cryptographic_weakness/weak_hash/predictable_hash_collision/template.md
new file mode 100644
index 00000000..d7f58f3e
--- /dev/null
+++ b/submissions/description/cryptographic_weakness/weak_hash/predictable_hash_collision/template.md
@@ -0,0 +1,22 @@
+# Predictable Hash Collision
+
+## Overview of the Vulnerability
+
+Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. A predictable hash collision was identified where the same hash value is generated by a hashing algorithm for different plaintext inputs. This can allow an attacker to break the confidentiality and integrity of requests sent to and from the endpoint.
+
+## Business Impact
+
+This vulnerability can lead to reputational damage of the company through the impact to customers’ trust, and the ability of an attacker to view data. The severity of the impact to the business is dependent on the sensitivity of the accessible data being transmitted by the application.
+
+## Steps to Reproduce
+
+1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP
+1. Setup {{software}} to intercept and log requests
+1. Use a browser to navigate to: {{URL}}
+1. {{action}} to view unencrypted requests
+
+## Proof of Concept (PoC)
+
+The screenshot below demonstrates the predictable hash collision:
+
+{{screenshot}}
diff --git a/submissions/description/cryptographic_weakness/weak_hash/recommendations.md b/submissions/description/cryptographic_weakness/weak_hash/recommendations.md
new file mode 100644
index 00000000..2c04e413
--- /dev/null
+++ b/submissions/description/cryptographic_weakness/weak_hash/recommendations.md
@@ -0,0 +1,7 @@
+# Recommendation(s)
+
+Implement robust entropy for the cryptographic algorithms and ensure that the algorithms, protocols, and keys in place are kept up to date. Ensure the use of only vetted and unbroken hashing algorithms.
+
+For more information, refer to the following resource:
+
+-
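Review bot: The Overview in predictable_hash_collision/template.md says the collision lets an attacker "break the confidentiality and integrity of requests", but two inputs sharing a digest weakens integrity and authenticity checks; it does not by itself disclose data. I would change the last sentence to `This can allow content to be substituted while still passing a hash-based integrity or signature check.` The Business Impact line about "the ability of an attacker to view data" would then need the same correction.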
diff --git a/submissions/description/cryptographic_weakness/weak_hash/template.md b/submissions/description/cryptographic_weakness/weak_hash/template.md
new file mode 100644
index 00000000..cb93b17b
--- /dev/null
+++ b/submissions/description/cryptographic_weakness/weak_hash/template.md
@@ -0,0 +1,22 @@
+# Weak Hash
+
+## Overview of the Vulnerability
+
+Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. A weak hash was identified which can allow an attacker to break the confidentiality and integrity of requests sent to and from the endpoint.
+
+## Business Impact
+
+This vulnerability can lead to reputational damage of the company through the impact to customers’ trust, and the ability of an attacker to view data. The severity of the impact to the business is dependent on the sensitivity of the accessible data being transmitted by the application.
+
+## Steps to Reproduce
+
+1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP
+1. Setup {{software}} to intercept and log requests
+1. Use a browser to navigate to: {{URL}}
+1. {{action}} to view unencrypted requests
+
+## Proof of Concept (PoC)
+
+The screenshot below demonstrates the weak hash:
+
+{{screenshot}}
diff --git a/submissions/description/cryptographic_weakness/weak_hash/use_of_predictable_salt/guidance.md b/submissions/description/cryptographic_weakness/weak_hash/use_of_predictable_salt/guidance.md
new file mode 100644
index 00000000..1c2ab75b
--- /dev/null
+++ b/submissions/description/cryptographic_weakness/weak_hash/use_of_predictable_salt/guidance.md
@@ -0,0 +1,5 @@
+# Guidance
+
+Provide a step-by-step walkthrough with a screenshot on how you exploited the vulnerability. This will speed triage time and result in faster rewards. Please include specific details on where you identified the predictable salt, how you identified it, and what actions you were able to perform as a result.
+
+Attempt to escalate the vulnerability to perform additional actions. If this is possible, provide a full Proof of Concept (PoC).
diff --git a/submissions/description/cryptographic_weakness/weak_hash/use_of_predictable_salt/recommendations.md b/submissions/description/cryptographic_weakness/weak_hash/use_of_predictable_salt/recommendations.md
new file mode 100644
index 00000000..2c04e413
--- /dev/null
+++ b/submissions/description/cryptographic_weakness/weak_hash/use_of_predictable_salt/recommendations.md
@@ -0,0 +1,7 @@
+# Recommendation(s)
+
+Implement robust entropy for the cryptographic algorithms and ensure that the algorithms, protocols, and keys in place are kept up to date. Ensure the use of only vetted and unbroken hashing algorithms.
+
+For more information, refer to the following resource:
+
+-
diff --git a/submissions/description/cryptographic_weakness/weak_hash/use_of_predictable_salt/template.md b/submissions/description/cryptographic_weakness/weak_hash/use_of_predictable_salt/template.md
new file mode 100644
index 00000000..28c57659
--- /dev/null
+++ b/submissions/description/cryptographic_weakness/weak_hash/use_of_predictable_salt/template.md
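Review bot: use_of_predictable_salt/recommendations.md carries the same blob id (`2c04e413`) as weak_hash/recommendations.md and predictable_hash_collision/recommendations.md, so its advice ends with "Ensure the use of only vetted and unbroken hashing algorithms" and never mentions the salt. A strong hash with a guessable salt still permits precomputation, which is the finding this variant reports. Replace the last sentence of the third line with `Ensure that each salt is unique per value and generated by a cryptographically secure random number generator, rather than derived from a username, timestamp or constant.`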
@@ -0,0 +1,22 @@
+# Use of Predictable Salt
+
+## Overview of the Vulnerability
+
+Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. A predictable salt in the hashing mechanism was identified which can allow an attacker to use rainbow table attacks.
+
+## Business Impact
+
+This vulnerability can lead to reputational damage of the company through the impact to customers’ trust, and the ability of an attacker to view data. The severity of the impact to the business is dependent on the sensitivity of the accessible data being transmitted by the application.
+
+## Steps to Reproduce
+
+1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP
+1. Setup {{software}} to intercept and log requests
+1. Use a browser to navigate to: {{URL}}
+1. {{action}} to view unencrypted requests
+
+## Proof of Concept (PoC)
+
+The screenshot below demonstrates the predictable salt:
+
+{{screenshot}}