Juicy Shop

Weak Password Hashing

CryptographyA02:2021 – Cryptographic Failureshigh

Vulnerability

Passwords are stored as a plain SHA-256 digest with no salt and no work factor. SHA-256 is designed to be fast, so an attacker who steals the database can try billions of guesses per second on a GPU, and because there is no per-user salt, identical passwords share a hash and precomputed rainbow tables apply directly. The result is that a database leak effectively exposes most users' passwords.

Exploit Steps

  1. Obtain the stored password hashes (e.g. via another vulnerability or a backup)
  2. Identify the algorithm as unsalted SHA-256 by the digest length and format
  3. Run a GPU cracker (hashcat) or a rainbow table against the hashes
  4. Recover plaintext passwords for any weak or reused credentials within minutes

Tools: hashcat, John the Ripper, rainbow tables

Mitigation & Solution

Use a slow, salted, memory-hard password hash — Argon2id (preferred), scrypt, or bcrypt — with a per-user random salt and a tuned work factor. Never use fast general-purpose hashes (MD5/SHA-1/SHA-256) for passwords. Re-evaluate the work factor as hardware improves.

Coding Challenge

Find It

File: apps/juicy-shop/src/security-examples/weak-password-hash.ts

Click the line that contains the vulnerability:

Fix It