...
In both the setPassword() and checkPassword() methods, the cleartext representation of the password is erased immediately after it is converted into a hash value. Consequently, an attacker cannot recover the password as cleartext after the erasure.
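The following class is an added example (not the code from the original guideline) of the pattern described above: only a salted, iterated hash is retained, and the caller's char[] is wiped in a finally block in both setPassword() and checkPassword() so that the cleartext does not outlive the hashing step. The class and field names are the example's own; the hashing parameters (PBKDF2 with HMAC-SHA-256, a 16-byte salt, 100,000 iterations) are assumptions chosen for the example, and the sample passwords in main() are constructed.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/** Stores a salted PBKDF2 hash of a password and erases cleartext immediately after use. */
public final class PasswordStore {
    private static final int SALT_BYTES = 16;       // assumption: salt length for the example
    private static final int ITERATIONS = 100_000;  // assumption: work factor for the example
    private static final int KEY_BITS = 256;

    private final SecureRandom random = new SecureRandom();
    private byte[] salt;
    private byte[] hash;

    /** Hashes the password with a fresh salt; the caller's char[] is wiped regardless of outcome. */
    public void setPassword(char[] pass) throws GeneralSecurityException {
        try {
            byte[] newSalt = new byte[SALT_BYTES];
            random.nextBytes(newSalt);
            this.salt = newSalt;
            this.hash = derive(pass, newSalt);
        } finally {
            Arrays.fill(pass, '\0'); // erase the cleartext even if hashing throws
        }
    }

    /** Re-derives the hash from the candidate and compares in constant time; wipes the candidate. */
    public boolean checkPassword(char[] pass) throws GeneralSecurityException {
        try {
            if (hash == null) {
                return false; // no password has been set yet
            }
            byte[] candidate = derive(pass, salt);
            boolean ok = MessageDigest.isEqual(candidate, hash); // timing-safe comparison
            Arrays.fill(candidate, (byte) 0);
            return ok;
        } finally {
            Arrays.fill(pass, '\0'); // never leave the cleartext behind
        }
    }

    private static byte[] derive(char[] pass, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(pass, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // PBEKeySpec keeps its own copy of the password; wipe that too
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        PasswordStore store = new PasswordStore();
        char[] initial = "correct horse".toCharArray(); // constructed sample password
        store.setPassword(initial);
        System.out.println("cleartext wiped after set: " + (initial[0] == '\0'));
        System.out.println("correct password accepted: "
                + store.checkPassword("correct horse".toCharArray()));
        System.out.println("wrong password rejected: "
                + !store.checkPassword("wrong".toCharArray()));
    }
}
```

Two points are worth noting when reusing this pattern. First, wiping only helps if the password was never held in a String: the literals in main() exist only to keep the example self-contained, and real callers should read the password directly into a char[] (for example with Console.readPassword()). Second, PBEKeySpec copies the password internally, so its clearPassword() call is needed in addition to clearing the caller's array; otherwise a second cleartext copy survives the erasure the guideline relies on.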
Exceptions
Applicability
Passwords stored without a secure hash are exposed to malicious users. Violations of this guideline generally have a clear exploit associated with them.
MSC04-EX0: Applications such as password managers may need to retrieve the original password in order to enter it into a third-party application. This is permitted, even though it violates the guideline. The password manager is accessed by a single user and always has the user's permission to store their passwords and to display those passwords on command. As a result, provided the user is competent, the program's operation will be safe.
Risk Assessment
Passwords stored without a secure hash are exposed to malicious users. Violations of this rule generally have a clear exploit associated with them.
| Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
| MSC66-JG | medium | likely | high | P6 | |
Related Guidelines
| "Insufficiently Protected Credentials [XYM]" |
| CWE ID 256, "Plaintext Storage of a Password" |
...