NOTE
The second of these conditions is really quite subtle, and as a result,
many real-world applications are vulnerable. An application that challenges a
user for two random letters of a memorable word may appear at first glance to
be functioning properly and providing enhanced security. However, if the letters
are randomly chosen each time the previous authentication stage is passed,
then an attacker who has captured a user’s login on a single occasion can
simply reauthenticate up to this point until the two letters that he knows are
requested, without the risk of account lockout.
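The following is an added example (not code from the original book) of a server-side multistage login that avoids the flaw the note describes: the two letter positions are bound to the session when first issued and are only re-rolled after a stage-2 attempt has actually been consumed, so repeating stage 1 never yields a fresh question, and every wrong answer counts toward lockout. The user record, the memorable word "tangerine", the threshold of three failures and the in-memory session object are all constructed for illustration; a real deployment would hash the stored secrets and persist sessions server-side.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed sample user store (example values, not from the page).
# Secrets are kept in clear only to keep the example short.
USERS = {
    "alice": {"password": "correct horse", "memorable_word": "tangerine"},
}

MAX_FAILURES = 3       # failed stage-2 answers before the account is locked
CHALLENGE_LETTERS = 2  # number of memorable-word positions requested


@dataclass
class Session:
    username: Optional[str] = None
    stage1_passed: bool = False
    challenge: Optional[Tuple[int, ...]] = None  # 0-based positions, held server-side
    failures: int = 0
    locked: bool = False
    authenticated: bool = False


def _new_challenge(word_length: int) -> Tuple[int, ...]:
    """Pick CHALLENGE_LETTERS distinct positions with a CSPRNG."""
    rng = secrets.SystemRandom()
    return tuple(sorted(rng.sample(range(word_length), CHALLENGE_LETTERS)))


def login_stage1(session: Session, username: str, password: str) -> bool:
    """Stage 1: username/password. Passing it again does NOT re-roll the challenge."""
    user = USERS.get(username)
    if session.locked or user is None or not hmac.compare_digest(user["password"], password):
        session.stage1_passed = False
        return False
    session.username = username
    session.stage1_passed = True
    # Issue a challenge only when none is outstanding: replaying stage 1
    # keeps presenting the same two positions until an answer is submitted.
    if session.challenge is None:
        session.challenge = _new_challenge(len(user["memorable_word"]))
    return True


def login_stage2(session: Session, answers: Dict[int, str]) -> bool:
    """Stage 2: answer the outstanding challenge. The positions come from the
    session, never from the request, so the client cannot choose its own question."""
    if session.locked or not session.stage1_passed or session.challenge is None:
        return False
    word = USERS[session.username]["memorable_word"]
    expected = "".join(word[i] for i in session.challenge)
    supplied = "".join(answers.get(i, "") for i in session.challenge)
    if hmac.compare_digest(expected.lower(), supplied.lower()):
        session.authenticated = True
        session.challenge = None
        session.failures = 0
        return True
    # Wrong answer: the attempt is consumed, so count it, re-roll the
    # positions, send the user back to stage 1, and lock on the threshold.
    session.failures += 1
    session.challenge = _new_challenge(len(word))
    session.stage1_passed = False
    if session.failures >= MAX_FAILURES:
        session.locked = True
    return False


if __name__ == "__main__":
    s = Session()
    login_stage1(s, "alice", "correct horse")
    first = s.challenge
    login_stage1(s, "alice", "correct horse")
    print("challenge unchanged after stage-1 replay:", s.challenge == first)
```

The design choice worth noting is that the challenge is regenerated only inside `login_stage2`, after an answer has been evaluated; regenerating it in `login_stage1` is exactly the behaviour the note warns about.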
HACK STEPS
■ If one of the login stages uses a randomly varying question, verify
whether the details of the question are being submitted together with
the answer. If so, change the question, and submit the correct answer