NIST | The SAMATE Project | Department of Homeland Security

Test Case ID: 1947 (Candidate)
Bad / Good / Mixed: Bad (bad test case)
Author:
Associations: Test suite: 31
Added by: Romain Gaucher
Language: PHP
Type of test case: Source Code
Input string:
Expected Output:
Instructions:
Submission date: 2007-03-13
Description: The test case shows a not-so-weak encryption practice. Here the password is stored in the cookie as a salted SHA-256 hash of the password. Salting passwords is a common technique to create a better hash; the salt should be inserted in a database... We use the cookie to communicate with the black-box tool; storing the password in the cookie is a bad practice.
File(s):
Flaw:

File Contains:
CWE-326: Inadequate Encryption Strength on line(s): 28