505157 : Flash application contains MD5 hash (/typo3conf/ext/et_postcard/flash/postcardEditor.swf)

Risk 2 : Web Services

An attacker could potentially gain access to passwords or other sensitive information.

Adobe Flash is a platform for enhancing the content of web pages. Its capabilities include animation, video, and user interactivity.

Flash applications are delivered to the browser as SWF (Small Web Format) files, which can include sound, graphics, and instruction code written in the ActionScript language.

The Flash application contains a string produced by an insecure hashing algorithm. An attacker who possesses sufficient time and processing power could potentially crack the hash, revealing the cleartext string, which may be a password or other sensitive information.
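The check described above can be reproduced on your own SWF files. The following is an added example, not code from this advisory or from the scanner: it unpacks an `FWS` or zlib-compressed `CWS` file and lists strings shaped like an MD5 hex digest. The function names, the size cap and the sample input are assumptions made for illustration.

```python
import re
import struct
import zlib

# 32 hex characters not embedded in a longer hex run: the textual shape of an
# MD5 digest. A match is a lead to review, not proof that the value is a hash.
MD5_HEX = re.compile(rb"(?<![0-9A-Fa-f])[0-9A-Fa-f]{32}(?![0-9A-Fa-f])")
MAX_BODY = 64 * 1024 * 1024  # assumed cap on decompressed size
SAMPLE_DIGEST = "0123456789abcdef0123456789abcdef"  # constructed placeholder


def swf_body(data: bytes) -> bytes:
    """Return the uncompressed body that follows the 8-byte SWF header."""
    if len(data) < 8:
        raise ValueError("too short to be a SWF file")
    signature = data[:3]
    declared_len = struct.unpack("<I", data[4:8])[0]  # size once uncompressed
    if signature == b"FWS":  # stored uncompressed
        return data[8:]
    if signature == b"CWS":  # body is zlib-compressed
        limit = min(max(declared_len - 8, 1), MAX_BODY)
        return zlib.decompressobj().decompress(data[8:], limit)
    raise ValueError(f"unsupported SWF signature {signature!r}")


def find_md5_strings(data: bytes) -> list[tuple[int, str]]:
    """Return (offset in body, hex string) for each MD5-shaped string."""
    return [(m.start(), m.group().decode("ascii"))
            for m in MD5_HEX.finditer(swf_body(data))]


def build_sample_swf(compressed: bool = True) -> bytes:
    """Constructed input: a SWF header and a body holding one hex digest."""
    body = b"\x00" * 16 + b'var k="' + SAMPLE_DIGEST.encode() + b'";'
    length = struct.pack("<I", len(body) + 8)
    if compressed:
        return b"CWS\x0a" + length + zlib.compress(body)
    return b"FWS\x0a" + length + body


if __name__ == "__main__":
    for offset, digest in find_md5_strings(build_sample_swf()):
        print(f"MD5-shaped string at body offset {offset}: {digest}")
```

Longer hex runs, such as a 40-character SHA-1 digest, are deliberately not reported as MD5.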

See RSA for more information about weaknesses in SHA-1 (http://www.rsa.com/rsalabs/node.asp?id=2834), SHA-0 and MD5 (http://www.rsa.com/rsalabs/node.asp?id=2738).

More information about Flash application security is available from the OWASP Flash Security Project (https://www.owasp.org/index.php/Category:OWASP_Flash_Security_Project).

Solution:

Use a cryptographically secure hashing algorithm, such as SHA-2 (http://en.wikipedia.org/wiki/SHA-2), to protect sensitive strings.

CVSS Information:
Partial Confidentiality Impact, Complete Availability Impact
Credit:
Saint Corporation : 2011-08-28