Use of a Broken or Risky Cryptographic Algorithm in x360ce/x360ce
Jan 26th 2022
The password-generation algorithm used in the function NewPassword() simply adds bias to the output password instead of making it easier to remember.
Proof of Concept
- Use the NewPassword() function a large number of times and store the output.
- Look at the frequency of each character on a distribution graph.
This vulnerability can cut down the number of brute-force attempts an attacker needs to try, because some characters are more likely than others to appear in a given user's password.
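The measurement described in the Proof of Concept, as an added Python example (not code from this report or from x360ce). biased_password() is a hypothetical stand-in generator, not the project's NewPassword(), and the lowercase alphabet, password length and sample size are assumptions.

```python
import math
import random
import secrets
import string
from collections import Counter

ALPHABET = string.ascii_lowercase  # assumed alphabet for this sketch

def biased_password(rng, length=8):
    # Hypothetical "memorable" generator, NOT x360ce's NewPassword():
    # alternating consonant/vowel makes the 5 vowels far more frequent.
    vowels, consonants = "aeiou", "bcdfghjklmnpqrstvwxyz"
    return "".join(rng.choice(vowels if i % 2 else consonants)
                   for i in range(length))

def uniform_password(length=8):
    # Baseline: every character drawn uniformly from a CSPRNG.
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def audit(passwords, alphabet=ALPHABET):
    """Character-frequency statistics over a sample of generated passwords."""
    counts = Counter("".join(passwords))
    total = sum(counts.values())
    expected = total / len(alphabet)
    # Pearson chi-square against a uniform distribution over the alphabet.
    chi2 = sum((counts.get(c, 0) - expected) ** 2 / expected for c in alphabet)
    probs = [n / total for n in counts.values()]
    return {
        "chi2": chi2,
        "shannon_bits": -sum(p * math.log2(p) for p in probs),
        "min_entropy_bits": -math.log2(max(probs)),  # worst case per character
        "ideal_bits": math.log2(len(alphabet)),
        "top5": counts.most_common(5),
    }

if __name__ == "__main__":
    rng = random.Random(0)  # seeded only so the constructed sample is repeatable
    samples = {
        "biased": [biased_password(rng) for _ in range(20000)],
        "uniform": [uniform_password() for _ in range(20000)],
    }
    for name, pws in samples.items():
        r = audit(pws)
        print(f"{name}: chi2={r['chi2']:.0f} shannon={r['shannon_bits']:.2f} "
              f"min-entropy={r['min_entropy_bits']:.2f} ideal={r['ideal_bits']:.2f}")
        print("  most frequent:", r["top5"])
```

Passing output collected from the real NewPassword() to audit() gives the distribution the report describes; a chi-square value far above the alphabet size and a per-character entropy well below the ideal both indicate bias.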