...
Because '1'='1' is automatically true, the password is never validated. Consequently, the attacker is inappropriately logged in as user Utah without having to know the password.
Compliance with MSC51-J. Store passwords using a hash function requires encrypting the passwords. Unfortunately, many small systems fail to comply with MSC51-J, so the password text added in the query string would match precisely what the user enters. An attacker could supply a password such as:
...
This time, the '1'='1' tautology disables both login ID and password validation, and the attacker is inappropriately logged in without knowledge of either a login ID or a password.
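The following added example (not part of the original page) reproduces the first scenario above against an in-memory database and contrasts a concatenated query with a parameterized one. It uses Python's sqlite3 module as a stand-in so that it runs without a database server; the placeholder query plays the role of a JDBC PreparedStatement. The table, the account "alice", and the input strings are constructed for the demonstration.

```python
import hashlib
import sqlite3

def sha256_hex(password: str) -> str:
    # Unsalted SHA-256 keeps the demo short; real storage needs a salted, slow hash.
    return hashlib.sha256(password.encode()).hexdigest()

def make_db() -> sqlite3.Connection:
    # Constructed sample data: one account in a hypothetical "users" table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("alice", sha256_hex("s3cret")))
    return db

def login_concat(db: sqlite3.Connection, username: str, password: str) -> bool:
    # Noncompliant: input is spliced into the SQL text, so a quote in
    # `username` ends the string literal and the rest is parsed as SQL.
    query = ("SELECT * FROM users WHERE username='" + username +
             "' AND password='" + sha256_hex(password) + "'")
    return db.execute(query).fetchone() is not None

def login_param(db: sqlite3.Connection, username: str, password: str) -> bool:
    # Compliant: placeholders bind the input as data; it never reaches the parser.
    query = "SELECT * FROM users WHERE username=? AND password=?"
    row = db.execute(query, (username, sha256_hex(password))).fetchone()
    return row is not None

# Constructed input: a user name carrying the '1'='1' tautology.
TAUTOLOGY_NAME = "alice' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    cases = [("alice", "s3cret"), ("alice", "wrong"), (TAUTOLOGY_NAME, "wrong")]
    for name, pw in cases:
        # Columns: input name, concatenated-query result, parameterized result.
        print(repr(name), login_concat(db, name, pw), login_param(db, name, pw))
```

Because AND binds more tightly than OR, the concatenated query accepts the account as soon as the user name matches, whatever the password. Hashing the password does neutralize the same string when it is typed into the password field, since only the hex digest reaches the query.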
Noncompliant Code Example
This noncompliant code example reads a user name and password from the user and uses them to construct the query string. The password is passed as a char array and then hashed, to comply with MSC51-J. Store passwords using a hash function and MSC63-JG. Limit the lifetime of sensitive data.
...