Code-Racing / brickyard


CONTRAST: Insecure Authentication Protocol #83

Open valvolineford opened 4 years ago

valvolineford commented 4 years ago

Vulnerability ID: WU67-7D9F-9YTH-3X0O

Application Name: AgentMessageGeneratorJava

Vulnerability Link: http://localhost:19080/Contrast/static/ng/index.html#/7c6cfec5-a187-4d5e-984a-d11d96d2ef63/applications/6394f24f-037b-43bb-8ac2-05fa5fb5d862/vulns/WU67-7D9F-9YTH-3X0O

What Happened?

Contrast detected browsers using HTTP Basic Authentication (http://en.wikipedia.org/wiki/Basic_access_authentication) or Digest Authentication (http://en.wikipedia.org/wiki/Digest_access_authentication) while communicating with the application. These protocols are old and are not intended to deliver enterprise-strength authentication.

The following header was observed in the request to the given page:

Authorization: Basic **

What's the risk?

Contrast noticed browsers using HTTP Basic Authentication or Digest Authentication while communicating with the application. These protocols are old and are not intended to deliver enterprise-strength authentication.

Recommendation

Moving authentication protocols is not easy. That being said, there are serious, fundamental weaknesses in the protocols chosen. The best long-term recommendation is to move towards a form-based authentication.

It is extremely unlikely that specification-driven HTTP authentication protocols will ever meet the security requirements of your organization. It's also unlikely that improvements to these protocols will be integrated into browsers and server frameworks in any reasonable amount of time.

First Event

(no event)

Last Event

(no event)

HTTP Request

GET http://localhosthttp://localhost/?foo=bar??foo=bar&id=23 HTTP/1.0
Authorization: Basic **
Host: localhost

References

https://www.owasp.org/index.php/Insecure_Configuration_Management