zihuaweng / software-security-banking

Banking web with vulnerabilities

Insecure Transport Vulnerability #4

Open rafbel opened 4 years ago

rafbel commented 4 years ago

Since there is no mention of trusted boundaries or any assumptions in your README regarding SSL, this can be considered an exploited vulnerability.

Since the application is not SSL protected, uses HTTP, and sensitive information is not encrypted, all passwords and the user balance can be eavesdropped by a man in the middle, allowing this attacker to use that information to access the user's account and withdraw money. In order to do this, the attacker can use a proxy/packet analyzer application like Wireshark to eavesdrop when a user sends a POST request to the endpoint with URL "/login" with the password, which is not encrypted, in the request body.

Here is the JSON response from the request that was intercepted:

[two images, not preserved]

This issue is better described in the OWASP page: https://owasp.org/www-community/vulnerabilities/Insecure_Transport

junwei266 commented 4 years ago

Valid. A man-in-the-middle attack can happen if (1) the channel is unencrypted or (2) the data is unencrypted and the client is compromised (e.g., with a keylogger or trojan).
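
One way to close the transport gap described in this issue, as an added example that is not code from the repository: a WSGI middleware that refuses cleartext POSTs such as `/login`, redirects cleartext GETs, and sets HSTS on HTTPS responses. It assumes a Python WSGI app; `RequireHTTPS`, `demo_app`, `call` and the host `bank.example` are illustrative names.

```python
from urllib.parse import quote

HSTS = ("Strict-Transport-Security", "max-age=31536000; includeSubDomains")


class RequireHTTPS:
    """Added example (not the repository's code): keep cleartext requests away from the app."""

    def __init__(self, app, trust_proxy=False):
        self.app = app
        # Assumption: set trust_proxy only when a TLS-terminating proxy that
        # you control overwrites X-Forwarded-Proto on every request.
        self.trust_proxy = trust_proxy

    def _is_secure(self, environ):
        if environ.get("wsgi.url_scheme") == "https":
            return True
        return self.trust_proxy and environ.get("HTTP_X_FORWARDED_PROTO") == "https"

    def __call__(self, environ, start_response):
        if self._is_secure(environ):
            def with_hsts(status, headers, exc_info=None):
                # HSTS makes the browser use HTTPS on later visits.
                return start_response(status, list(headers) + [HSTS], exc_info)
            return self.app(environ, with_hsts)

        host = environ.get("HTTP_HOST", "localhost").split(":")[0]  # drop the HTTP port
        path = quote(environ.get("PATH_INFO", "/"))
        if environ.get("REQUEST_METHOD") in ("GET", "HEAD"):
            start_response("301 Moved Permanently", [("Location", f"https://{host}{path}")])
            return [b""]
        # A POST body (e.g. the /login password) has already crossed the wire
        # in cleartext; refuse it rather than process or redirect it.
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [b"HTTPS required\n"]


def demo_app(environ, start_response):
    """Constructed stand-in for the banking app's /login handler."""
    start_response("200 OK", [("Content-Type", "application/json")])
    return [b'{"ok": true}']


def call(app, method, scheme, path="/login", extra=None):
    """Drive a WSGI app with a constructed request; return (status, headers, body)."""
    seen = {}
    environ = {"REQUEST_METHOD": method, "wsgi.url_scheme": scheme,
               "PATH_INFO": path, "HTTP_HOST": "bank.example:8080", **(extra or {})}
    body = b"".join(app(environ, lambda s, h, e=None: seen.update(status=s, headers=dict(h))))
    return seen["status"], seen["headers"], body
```

The 403 does not undo the exposure of a password already sent over HTTP; the HSTS header and an HTTPS-only login form are what stop the browser from sending it in cleartext on later visits.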