Archive for the vulnerability Category


standards

by
Singh Ryu


HMAC truncation

The XML Signature specification allows for HMAC truncation, which may allow a remote attacker to bypass authentication.
XML Signature Syntax and Processing (XMLDsig) is a W3C recommendation for providing integrity, message authentication, and/or signer authentication services for data. XMLDsig is commonly used by web services such as SOAP. The XMLDsig recommendation includes support for HMAC truncation, as specified in RFC2104. However, the XMLDsig specification does not follow the RFC2104 recommendation to not allow truncation to less than half of the length of the hash output or less than 80 bits. When HMAC truncation is under the control of an attacker this can result in an effective authentication bypass. For example, by specifying an HMACOutputLength of 1, only one bit of the signature is verified. This can allow an attacker to forge an XML signature that will be accepted as valid.
This vulnerability can allow an attacker to bypass the authentication mechanism provided by the XML Signature specification.
Solution:
Apply an update
Please check with your vendor for available updates. Erratum E03 for the XMLDsig recommendation has been added, which specifies minimum values for HMAC truncation.
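The check Erratum E03 adds is easiest to see side by side with the behaviour it replaces. The following is an added Python example, not code from the advisory or from any XMLDsig implementation: `verify_lenient` trusts whatever `HMACOutputLength` the signed document carries, while `verify_strict` rejects any length below the RFC2104 floor (half the hash output, and never less than 80 bits). The key, messages and hash table are constructed for the demonstration; the bit-level truncation follows XMLDsig's "leading bits of the HMAC output" convention.

```python
import hashlib
import hmac
import math

# Output sizes in bits for the digests XMLDsig commonly pairs with HMAC (constructed table).
HASH_BITS = {"sha1": 160, "sha256": 256}


def truncate_bits(mac: bytes, nbits: int) -> bytes:
    """Keep the leading nbits of mac; spare trailing bits of the last byte are zeroed."""
    nbytes = math.ceil(nbits / 8)
    out = bytearray(mac[:nbytes])
    spare = nbytes * 8 - nbits
    if spare:
        out[-1] &= (0xFF << spare) & 0xFF
    return bytes(out)


def min_output_length(hashname: str) -> int:
    """RFC2104 floor: at least half the hash output and at least 80 bits."""
    return max(HASH_BITS[hashname] // 2, 80)


def compute_tag(key: bytes, message: bytes, output_length: int, hashname: str = "sha1") -> bytes:
    """HMAC over the message, truncated to HMACOutputLength bits."""
    full = hmac.new(key, message, getattr(hashlib, hashname)).digest()
    return truncate_bits(full, output_length)


def verify_lenient(key, message, tag, output_length, hashname="sha1") -> bool:
    """Pre-erratum behaviour: any HMACOutputLength from 1 bit upward is honoured."""
    if not 1 <= output_length <= HASH_BITS[hashname]:
        return False
    return hmac.compare_digest(compute_tag(key, message, output_length, hashname), tag)


def verify_strict(key, message, tag, output_length, hashname="sha1") -> bool:
    """Erratum E03 behaviour: HMACOutputLength below the RFC2104 floor is rejected outright."""
    if output_length < min_output_length(hashname) or output_length > HASH_BITS[hashname]:
        return False
    return hmac.compare_digest(compute_tag(key, message, output_length, hashname), tag)


def demo():
    """Show why a verifier must not let the document choose a tiny HMACOutputLength."""
    key = b"constructed-demo-key"                  # constructed, shared secret
    signed = b"<Body>transfer 10</Body>"           # constructed, genuinely signed content
    forged = b"<Body>transfer 1000000</Body>"      # constructed, never signed with the key

    # A full-length tag over the genuine message verifies under the strict rule.
    ok_full = verify_strict(key, signed, compute_tag(key, signed, 160), 160)

    # With HMACOutputLength=1 there are only two possible tags, so one of them
    # always matches the forged message; the lenient verifier accepts it, the
    # strict verifier refuses the length before looking at the tag at all.
    one_bit_tags = [b"\x00", b"\x80"]
    lenient_hits = sum(verify_lenient(key, forged, t, 1) for t in one_bit_tags)
    strict_hits = sum(verify_strict(key, forged, t, 1) for t in one_bit_tags)
    return ok_full, lenient_hits, strict_hits


if __name__ == "__main__":
    print("full-length tag accepted (strict):", demo()[0])
    print("1-bit tags accepted, lenient/strict:", demo()[1], "/", demo()[2])
```

The strict path rejects the length before any comparison, so the decision does not depend on the tag bytes at all; a verifier that instead compares first and checks the length afterwards still leaks nothing here, but fails closed less obviously. For SHA-256 the same rule yields a 128-bit floor, since half the output exceeds 80 bits.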
Insider and Outsider Threat-Sensitive SQL Injection Vulnerability Analysis in PHP
Ettore Merlo; Dominic Letarte; Giuliano Antoniol
Summary:
In general, SQL-injection attacks rely on some weak validation of textual input used to build database queries. Maliciously crafted input may threaten the confidentiality and the security policies of Web sites relying on a database to store and retrieve information. Furthermore, insiders may introduce malicious code in a Web application, code that, when triggered by some specific input, for example, would violate security policies.
This paper presents an original approach based on static analysis to automatically detect statements in PHP applications that may be vulnerable to SQL-injections triggered by either malicious input (outsider threats) or malicious code (insider threats). Original flow analysis equations, that propagate and combine security levels along an inter-procedural control flow graph (CFG), are presented. The computation of security levels presents linear execution time and memory complexity
SCO | RIP

Why SCO won’t show the code – At SCO’s annual reseller show, the company’s executives put up a couple of slides as a way of demonstrating how Unix code had been “stolen” and put into Linux. The two slides were photographed and have since appeared on Heise Online; see them here and here. The escape of these slides has allowed the Linux community to do something it has been craving since the beginning of the SCO case: track down the real origins of the code that SCO claims as its own. The results, in this case, came quick and clear. They do not bode well for SCO.

Abstract

This paper reports on the design rationale and formative evaluation of an intelligent tool to aid intermediate and advanced student programmers, who already have knowledge of another programming language, in acquiring a working knowledge of key parts of the Ada programming language. Research on transfer between programming languages has shown that, while previous programming experience helps students to learn subsequent languages, it also can be a source of negative transfer. In particular, students have little trouble with the syntax of the new language, but they do have difficulty in planning a solution which takes advantage of the features of the new language. Our tool, ADAPT, applies existing artificial intelligence technologies to the pedagogical problem of transfer between programming languages, with emphasis on the problem of developing programming plans which are appropriate to Ada. ADAPT was designed based on the findings of research in the cognition of programming. A prototype of the tool was developed, and a formative evaluation was carried out to evaluate the cognitively-based design decisions guiding ADAPT.