Code-Racing / brickyard


CONTRAST: Insecure Authentication Protocol #86

Open valvolineford opened 4 years ago

valvolineford commented 4 years ago

Vulnerability ID: MCUH-W5A1-8ZYL-ONUZ

Application Name: AgentMessageGeneratorJava

Vulnerability Link: http://localhost:19080/Contrast/static/ng/index.html#/7c6cfec5-a187-4d5e-984a-d11d96d2ef63/applications/6394f24f-037b-43bb-8ac2-05fa5fb5d862/vulns/MCUH-W5A1-8ZYL-ONUZ

What Happened?

Contrast detected browsers using HTTP Basic Authentication (http://en.wikipedia.org/wiki/Basic_access_authentication) or Digest Authentication (http://en.wikipedia.org/wiki/Digest_access_authentication) while communicating with the application. These protocols are old and are not intended to deliver enterprise-strength authentication.

The following header was observed in the request to the given page:

Authorization: Basic **

What's the risk?

Contrast noticed browsers using HTTP Basic Authentication or Digest Authentication while communicating with the application. These protocols are old and are not intended to deliver enterprise-strength authentication.

Recommendation

Moving authentication protocols is not easy. That being said, there are serious, fundamental weaknesses in the protocols chosen. The best long-term recommendation is to move towards form-based authentication.

It is extremely unlikely that specification-driven HTTP authentication protocols will ever meet the security requirements of your organization. It's also unlikely that improvements to these protocols will be integrated into browsers and server frameworks in any reasonable amount of time.

First Event

(no event)

Last Event

(no event)

HTTP Request

GET http://localhosthttp://localhost/?foo=bar??foo=bar&id=23 HTTP/1.0
Authorization: Basic **
Host: localhost

References

https://www.owasp.org/index.php/Insecure_Configuration_Management