Test case 1946

Type: source code
State: bad
Status: candidate
Language: PHP
Submission Date: 13 Mar 2007

Description

The test case shows a weak encryption practice. Here the password is stored in the cookie as a salted SHA-1 of the password. The salted passwords are a common technique to create a better hash, the salt should be inserted in a database... We use the cookie to communicate with the black box tool; it is a bad practice to store the password in the cookie.

Flaws

CWE-326 Inadequate Encryption Strength

Test Suites

Web Applications in PHP

Have any comments on this test case? Please, send us an email.