CWE-261

Weak Encoding for Password

Obscuring a password with a trivial encoding does not protect the password.

Mitigation

Phases:

Description:

  • Passwords should be encrypted with keys that are at least 128 bits in length for adequate security.

CAPEC-55: Rainbow Table Password Cracking

An attacker gets access to the database table where hashes of passwords are stored. They then use a rainbow table of pre-computed hash chains to attempt to look up the original password. Once the original password corresponding to the hash is obtained, the attacker uses the original password to gain access to the system.
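An added example (not part of the CWE/CAPEC text) that covers both entries above: a recovery routine showing that a base64-"obscured" password needs no key to reverse, beside a salted PBKDF2 store to use in its place. The mitigation above speaks of encryption; this example uses a salted one-way derivation instead, the usual choice for stored credentials, and the per-password salt is also what makes precomputed tables of the kind described under CAPEC-55 useless. The password value, the sample strings and the helper names are constructed for the example.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample: a password "protected" only by base64 (CWE-261).
SAMPLE_PASSWORD = "hunter2"
BASE64_STORED = base64.b64encode(SAMPLE_PASSWORD.encode()).decode()


def recover_trivial_encoding(stored: str) -> Optional[str]:
    """Return the plaintext if `stored` is merely base64 of it.

    No key or secret is needed: anyone who reads the stored value can
    undo the transform, which is why an encoding is not a protection.
    """
    try:
        decoded = base64.b64decode(stored, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    return decoded if decoded.isprintable() else None


def hash_password(password: str, *, iterations: int = 600_000) -> str:
    """Derive a salted, slow, one-way record: algo$iterations$salt$digest."""
    salt = os.urandom(16)  # fresh per password, so no precomputed table applies
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    try:
        algo, iters, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    print("base64 record reverses to:", recover_trivial_encoding(BASE64_STORED))
    record = hash_password(SAMPLE_PASSWORD)
    print("pbkdf2 record:", record)
    print("verify correct password:", verify_password(SAMPLE_PASSWORD, record))
```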
