through to identify a perpetrator

The Assumption

The code responsible for implementing this check within the application was

extremely simple:

bool CAuthCheck::RequiresApproval(int amount)

{

if (amount <= m_apprThreshold)

return false;

else return true;

}

The developer assumed that this transparent check was bulletproof. No

transaction for greater than the configured threshold could ever escape the

requirement for secondary approval.

The Attack

The developer’s assumption was flawed because he had completely over-

looked the possibility that a user would attempt to process a transfer for a neg-

ative amount. Any negative number will clear the approval test, because it is

less than the threshold. However, the banking module of the application

accepted negative transfers and simply processed them as positive transfers in

the opposite direction. Hence, any user wishing to transfer $20,000 from

account A to account B could simply initiate a transfer of -$20,000 from account

B to account A, which had the same effect and required no approval. The anti-

fraud defenses built into the application could be trivially bypassed!

Download 5,76 Mb.

Do'stlaringiz bilan baham: