Database Reference
In-Depth Information
vulnerabilities, the most common authentication and authorization (AA) vulnerabilities
are gathered in the following sections.
Simple authentication protocol
The vulnerability code for a simple authentication protocol is
AU01
.
Utilize the Diffie-Hellman scheme to create a session random hash value. This type of au-
thentication is quite susceptible to reflection attacks, that is, when an attacker creates the
second handshake session using the challenge obtained during the first (incomplete) one.
Password system exploits
The vulnerability code for password system exploits is
AU02
:
String plainText = new String(plainTextIn)
MessageDigestencer = MessageDigest.getInstance("SHA");
encer.update(plainTextIn);
byte[] digest = password.digest();
if (digest==secret_password()){
//log me in
}
The failure of a password authentication mechanism will almost always result in attackers
being authorized as valid users.
Authentication decision based on the Referer field
The vulnerability code is
AU03
.
The HTTP header element as defined by W3.org is
Referer = "Referer" ":" (
absoluteURI | relativeURI)
. The J2EE code for extracting a fields value for
further authentication is
HttpServletRequest.getHeader("referer")
. In
fact, the
Referer
field in HTML requests can be simply modified by malicious users.
Authentication decision based on the DNS name resolution
The vulnerability code for the authentication decision based on the DNS name resolution
is
AU04
:
import java.net.InetAddress;
public class Authenticator {
Search WWH ::
Custom Search