Incorrect Type Conversion or Cast
| Property | |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-704: Incorrect Type Conversion or Cast |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
When hash bytes are converted to a hexadecimal string with `Integer.toHexString()`, leading zeroes are dropped, so some bytes are represented incorrectly. As a result, different hash values can map to the same string, which weakens the uniqueness of the hash.
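The flagged conversion next to a zero-padded one, as an added example that is not part of the original rule page. The class and method names (`HexEncodingDemo`, `weakHex`, `safeHex`) and the sample inputs are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class HexEncodingDemo {

    // Flagged pattern: Integer.toHexString() emits a single digit for any
    // byte below 0x10, so byte boundaries in the output become ambiguous.
    static String weakHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) {
            sb.append(Integer.toHexString(b & 0xFF));
        }
        return sb.toString();
    }

    // Corrected form: "%02x" zero-pads every byte to exactly two hex digits,
    // so the output length is always 2 * bytes.length.
    static String safeHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed inputs: two different byte sequences.
        byte[] first = {0x01, 0x23};
        byte[] second = {0x12, 0x03};

        // The weak encoding renders both sequences as the same string.
        System.out.println("weak: " + weakHex(first) + " vs " + weakHex(second)
                + " equal=" + weakHex(first).equals(weakHex(second)));

        // The padded encoding keeps them distinct.
        System.out.println("safe: " + safeHex(first) + " vs " + safeHex(second)
                + " equal=" + safeHex(first).equals(safeHex(second)));

        // With a real digest, the weak form is shorter than 64 characters
        // whenever any digest byte is below 0x10; the safe form never is.
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest("constructed sample input".getBytes(StandardCharsets.UTF_8));
        System.out.println("weak length=" + weakHex(digest).length()
                + " safe length=" + safeHex(digest).length());
    }
}
```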
Impact
If hash values are not represented accurately, attackers could exploit collisions to bypass integrity checks or authentication mechanisms that rely on these hashes. This could expose sensitive data or allow unauthorized access, undermining the application’s security controls.