The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws

Download 5,76 Mb.

1 ... 280 281 282 283 284 285 286 287 ... 875

Bog'liq
3794 1008 4334

advance or skip stages.

Some login mechanisms employ a randomly varying question at one of the

stages of the login process. For example, after submitting a username and

password, the user might be asked one of various “secret” questions (regard-

ing their mother’s maiden name, place of birth, name of first school, etc.) or to

submit two random letters from a secret phrase. The rationale for this behav-

Chapter 6

■

Attacking Authentication

159

70779c06.qxd:WileyRed 9/14/07 3:13 PM Page 159

ior is that even if an attacker captures everything that a user enters on a single

occasion, this will not enable them to log in as that user on a different occasion,

because different questions will be asked.

In some implementations, this functionality is broken and does not achieve

its objectives:

■■

The application may present a randomly chosen question, and store

the details of the question within a hidden HTML form field or cookie,

rather than on the server. The user subsequently submits both the

answer and the question itself. This effectively allows an attacker to

choose which question to answer, enabling the attacker to repeat a

■■

The application may present a randomly chosen question on each login

attempt but not remember which question a given user was asked in the

event that he or she fails to submit an answer. If the same user initiates a

fresh login attempt a moment later, a different random question will be

generated. This effectively allows an attacker to cycle through questions

until they receive one to which they know the answer, enabling them to

repeat a login having captured a user’s input on a single occasion.

Download 5,76 Mb.

Do'stlaringiz bilan baham:

1 ... 280 281 282 283 284 285 286 287 ... 875