Password Hashing: Do not use MD5

Description

Impact

User passwords are stored in the database using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore, the hashes are salted using the username instead of a random salt, causing hashes for users with the same username and password to collide which is problematic especially for popular users like the default admin user.

This essentially means that for an attacker, it might be feasible to reconstruct a user's password given access to these hashes.

Note that attackers needing access to the hashes means that they must gain access to the database in which these are stored first to be able to start cracking the passwords.

Patches

The problem is addressed in Opencast 8.1 which now uses the modern and much stronger bcrypt password hashing algorithm for storing passwords. Note, that old hashes remain MD5 until the password is updated.

For a list of users whose password hashes are stored using MD5, take a look at the /user-utils/users/md5.json REST endpoint.

Workarounds

There is no workaround.

References

For more information

If you have any questions or comments about this advisory:

Basic information

Type
reviewed
Severity
low
Advisory on GitHub
Open advisory ↗
Repository advisory
Open repository advisory ↗
Source code
Not specified
Published (advisory)
2020-01-30 21:21:58 UTC
Updated
2023-01-09 05:02:06 UTC
GitHub reviewed
2020-01-30 19:59:06 UTC

EPSS Score

Score Percentile
0.15% 36.46%

CVSS Scores

Base score Version Severity Vector
7.7 3.1
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:H)
Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work.
Privileges required (PR:L)
A normal user session is enough; they don’t have to be admin.
User interaction (UI:R)
A real person has to do something—click, install, enable—otherwise it doesn’t land.
Scope (S:C)
Breaking this can reach past the original component and bite other resources—bigger blast radius.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:N)
Service keeps running; no real outage angle.

Identifiers

CWEs

CWE id Name
CWE-327 Use of a Broken or Risky Cryptographic Algorithm

Affected packages (2)

Vulnerable version ranges and first patched releases as published by GitHub.

Ecosystem Package Vulnerable range First patched Vulnerable functions
maven org.opencastproject:opencast-common-jpa-impl < 7.6 7.6
maven org.opencastproject:opencast-common-jpa-impl >= 8.0, < 8.1 8.1

References

cvelogic Threat Intelligence