Use_of_a_One_Way_Hash_without_a_Salt issue exists @ webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/DisplayUser.java in branch develop
The application protects passwords with digest in genUserHash, at line 62 of webgoat-lessons\missing-function-ac\src\main\java\org\owasp\webgoat\missing_ac\DisplayUser.java, using the cryptographic hash "SHA-256". However, the code does not salt the hash with an unpredictable, random value, allowing an attacker to reverse the hash value.
Severity: Medium
CWE:759
Vulnerability details and guidance
Internal Guidance
Checkmarx
Training Recommended Fix
Lines: 63
Code (Line #63):