Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Challenge 41 based on Password shucking #1037

Merged
merged 6 commits into from
Oct 17, 2023
Merged

feat: Challenge 41 based on Password shucking #1037

merged 6 commits into from
Oct 17, 2023

Conversation

adarsh-a-tw
Copy link
Contributor

What kind of changes does this PR include?

  • Fixes or refactors
  • A new challenge
  • Additional documentation
  • Something else

Description

Adds challenge 41 which leaks passwords based on password shucking.

Relations

Closes #859

Checklist:

  • All the contributions made are solely the work of me and my co-authors
  • I tested the changes in this PR (if applicable)
  • I added unit tests to ensure my change works (when change in Java or on front-end code)
  • The PR passes pre-commit hooks and automated tests

@adarsh-a-tw
feat: add challenge 41
e3fae38 
Signed-off-by: Adarsh A <[email protected]>
commjoen
commjoen requested changes Oct 16, 2023
View reviewed changes
Copy link
Collaborator

@commjoen commjoen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Your third challenge already within a month! @adarsh-a-tw : you rock sir!
Here are some minor changes . @bendehaan do you have time for a textual review please?

src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge41.java Outdated Show resolved Hide resolved
src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge41.java Outdated Show resolved Hide resolved
src/main/resources/executables/db-dump-2.txt Outdated Show resolved Hide resolved
src/main/resources/explanations/challenge41.adoc Outdated Show resolved Hide resolved
src/main/resources/explanations/challenge41_reason.adoc Outdated Show resolved Hide resolved
src/main/resources/explanations/challenge41_reason.adoc Outdated Show resolved Hide resolved
github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 17, 2023
View reviewed changes
src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge41.java
value = "WEAK_MESSAGE_DIGEST_MD5",
justification = "This is to allow md5 hashing")
private String hashWithMd5(String plainText) throws NoSuchAlgorithmException {
MessageDigest md = MessageDigest.getInstance("MD5");

Check failure

Code scanning / CodeQL

Use of a broken or risky cryptographic algorithm

Cryptographic algorithm [MD5](1) is weak and should not be used.
@adarsh-a-tw adarsh-a-tw requested a review from commjoen October 17, 2023 07:02
commjoen
commjoen approved these changes Oct 17, 2023
View reviewed changes
Copy link
Collaborator

@commjoen commjoen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's number 3 already! Wow! that's amazing @adarsh-a-tw !

@commjoen commjoen merged commit f9957ad into OWASP:master Oct 17, 2023
@adarsh-a-tw adarsh-a-tw deleted the feat/challenge-41 branch October 17, 2023 07:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@commjoen commjoen commjoen approved these changes

@bendehaan bendehaan Awaiting requested review from bendehaan bendehaan is a code owner

Assignees
No one assigned
Labels
hacktoberfest-accepted
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Password Shucking challange
2 participants
@adarsh-a-tw @commjoen