...
The client program iterates over all possible hash codes, using CraftedLicenseType,
until one matches the hash code of the demo license key object stored in the LicenseManager
class. Consequently, the attacker can discover the sensitive data present within the licenseMap
in only a few minutes. The attack operates by discovering at least one hash collision with the key of the map.
Compliant Solution (IdentityHashMap)
This compliant solution uses an IdentityHashMap rather than a HashMap to store the license information:
...
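The difference in lookup behaviour, shown as an added example that is not the page's own LicenseManager code: KeyType, CraftedKey and the stored value are hypothetical stand-ins, and the crafted key is given the target hash code directly instead of searching for it.

```java
import java.util.HashMap;
import java.util.IdentityHashMap;
import java.util.Map;

public class IdentityMapDemo {
    // Hypothetical key type (assumption), standing in for the page's license key class.
    static class KeyType {
        final int id;
        KeyType(int id) { this.id = id; }
        @Override public int hashCode() { return 31 * 7 + id; }
        @Override public boolean equals(Object o) {
            return o instanceof KeyType && ((KeyType) o).id == id;
        }
    }

    // Subclass supplied by untrusted code: it reports whatever hash code it is
    // given and claims to be equal to every object.
    static class CraftedKey extends KeyType {
        private final int chosenHash;
        CraftedKey(int chosenHash) { super(0); this.chosenHash = chosenHash; }
        @Override public int hashCode() { return chosenHash; }
        @Override public boolean equals(Object o) { return true; }
    }

    public static void main(String[] args) {
        KeyType demo = new KeyType(42);
        String secret = "constructed-demo-value"; // constructed sample data

        Map<KeyType, String> hashMap = new HashMap<>();
        Map<KeyType, String> identityMap = new IdentityHashMap<>();
        hashMap.put(demo, secret);
        identityMap.put(demo, secret);

        KeyType crafted = new CraftedKey(demo.hashCode());
        KeyType equalCopy = new KeyType(42);

        // HashMap calls the probe's hashCode() and equals(), both of which
        // the subclass controls, so the crafted key matches the stored entry.
        System.out.println("HashMap, crafted key: " + hashMap.get(crafted));

        // IdentityHashMap uses System.identityHashCode() and ==, so the
        // overridden methods are never consulted and the lookup misses.
        System.out.println("IdentityHashMap, crafted key: " + identityMap.get(crafted));

        // Consequence for legitimate callers: only the original instance
        // matches; an equal but distinct key also misses.
        System.out.println("IdentityHashMap, equal copy: " + identityMap.get(equalCopy));
        System.out.println("IdentityHashMap, same instance: " + identityMap.get(demo));
    }
}
```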
...