This repository was archived by the owner on Apr 3, 2025. It is now read-only.
This repository was archived by the owner on Apr 3, 2025. It is now read-only.
4.2: Complication with Salting #3
Description
https://github.com/CISecurity/ControlsAssessmentSpecification/blob/master/control-4/control-4.2.rst
https://controls-assessment-specification.readthedocs.io/en/latest/control-4/control-4.2.html
For 4.2, the use of salts when generating password hashes would likely cause problems for the proposed approach. Consider adjusting Input 2 to be the actual default passwords, rather than password hashes for those passwords. Then, the Operations could be modified slightly so that the default passwords are hashed in accordance with the appropriate salting procedures for the system in question before making the comparisons to the actual password hashes on the system.