setting standards
by Singh Ryu
SENCAW | AUTHOR
The XML Signature specification allows for HMAC truncation, which may allow a remote attacker to bypass authentication.
XML Signature Syntax and Processing (XMLDsig) is a W3C recommendation for providing integrity, message authentication, and/or signer authentication services for data. XMLDsig is commonly used by web services such as SOAP. The XMLDsig recommendation includes support for HMAC truncation, as specified in RFC2104. However, the XMLDsig specification does not follow the RFC2104 recommendation not to allow truncation to less than half of the length of the hash output or less than 80 bits. When the HMAC truncation length is under the control of an attacker, this can result in an effective authentication bypass. For example, by specifying an HMACOutputLength of 1, only one bit of the HMAC value is compared during verification. This can allow an attacker to forge an XML signature that will be accepted as valid.
This vulnerability can allow an attacker to bypass the authentication mechanism provided by the XML Signature specification.
Solution:
Apply an update
Please check with your vendor for available updates. Erratum E03 for the XMLDsig recommendation has been added, which specifies minimum values for HMAC truncation.
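As an added illustration (not code from the advisory, the W3C recommendation or any XMLDsig implementation), the check a verifier should apply to HMACOutputLength before comparing SignatureValue bytes, with the pre-erratum lenient behaviour available alongside it for comparison; the function names, the XML fragment and the key and data in the usage are assumptions constructed for this example.

```python
# Added example: the HMACOutputLength check a verifier applies before comparing
# SignatureValue bytes. The floor is the RFC 2104 rule the advisory cites (half
# the hash output, never below 80 bits). Names here are assumptions, not an API.
import hashlib
import hmac
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

def read_hmac_output_length(signature_method_xml):
    """Integer HMACOutputLength child of a ds:SignatureMethod element, or None."""
    elem = ET.fromstring(signature_method_xml).find(DS + "HMACOutputLength")
    return None if elem is None else int(elem.text)

def min_hmac_output_length(hash_name):
    """Smallest HMACOutputLength (bits) a verifier should accept for this hash."""
    return max(80, hashlib.new(hash_name).digest_size * 4)   # half of digest bits

def compute_hmac(key, data, hash_name="sha1"):
    """Full-length HMAC digest, i.e. what a signer places in SignatureValue."""
    return hmac.new(key, data, hash_name).digest()

def truncate_bits(digest, n_bits):
    """Leading n_bits of digest, with unused low bits of the last byte cleared."""
    out = bytearray(digest[:(n_bits + 7) // 8])
    spare = len(out) * 8 - n_bits
    if spare:
        out[-1] &= (0xFF << spare) & 0xFF
    return bytes(out)

def verify_truncated_hmac(key, data, signature, hash_name="sha1",
                          output_length=None, enforce_minimum=True):
    """True iff signature matches the HMAC over data truncated to output_length bits.
    enforce_minimum=False reproduces the pre-erratum behaviour the advisory
    describes: any length is honoured, so output_length=1 compares a single bit."""
    full = compute_hmac(key, data, hash_name)
    full_bits = len(full) * 8
    if output_length is None:
        output_length = full_bits
    if enforce_minimum:
        floor = min_hmac_output_length(hash_name)
        if not floor <= output_length <= full_bits:
            raise ValueError("HMACOutputLength %d rejected (allowed %d..%d)"
                             % (output_length, floor, full_bits))
    if len(signature) < (output_length + 7) // 8:
        return False
    return hmac.compare_digest(truncate_bits(full, output_length),
                               truncate_bits(signature, output_length))
```

A verifier that honours the erratum raises on a 1-bit HMACOutputLength instead of comparing one bit; the same call with enforce_minimum=False shows why that length must never reach the comparison.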

Insider and Outsider Threat-Sensitive SQL Injection Vulnerability Analysis in PHP
Ettore Merlo; Dominic Letarte; Giuliano Antoniol
Summary:
In general, SQL-injection attacks rely on some weak validation of textual input used to build database queries. Maliciously crafted input may threaten the confidentiality and the security policies of Web sites relying on a database to store and retrieve information. Furthermore, insiders may introduce malicious code in a Web application, code that, when triggered by some specific input, for example, would violate security policies.
This paper presents an original approach based on static analysis to automatically detect statements in PHP applications that may be vulnerable to SQL-injections triggered by either malicious input (outsider threats) or malicious code (insider threats). Original flow analysis equations, that propagate and combine security levels along an inter-procedural control flow graph (CFG), are presented. The computation of security levels presents linear execution time and memory complexity
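An added example, not the paper's code: an intraprocedural sketch of the security-level propagation the abstract describes, using the set of threat sources (outsider input, insider-flagged code) as the level, union as the join where CFG paths meet, and a constructed PHP fragment encoded as a small CFG; the node encoding, names and sample program are assumptions made for this example.

```python
# Added example (not the paper's code): security levels propagated over a CFG.
from collections import deque

OUTSIDER = "outsider"   # value derived from untrusted request input
INSIDER = "insider"     # value produced by a statement flagged as insider-planted code

def transfer(node, env):
    """Flow equation for one node: OUT = transfer(node, IN); query nodes pass IN through."""
    kind, *args = node
    env = dict(env)
    if kind in ("input", "insider", "sanitize"):  # $_GET[..] / flagged stmt / escaped
        env[args[0]] = {"input": {OUTSIDER}, "insider": {INSIDER}, "sanitize": set()}[kind]
    elif kind == "assign":  # $dst = expr($src1, $src2, ...): source levels combine
        env[args[0]] = set().union(*(env.get(s, set()) for s in args[1:]))
    return env

def analyze(nodes, edges, entry):
    """Worklist fixpoint over IN[n] = union of OUT[p] for predecessors p.
    Returns {query node: sorted threat sources carried by its argument}."""
    preds = {n: [s for s, d in edges if d == n] for n in nodes}
    out, seen, work = {n: {} for n in nodes}, set(), deque([entry])
    while work:
        n = work.popleft()
        incoming = {}
        for p in preds[n]:
            for var, level in out[p].items():
                incoming[var] = incoming.get(var, set()) | level
        new = transfer(nodes[n], incoming)
        if n not in seen or new != out[n]:   # first visit or a level grew: push on
            seen.add(n)
            out[n] = new
            work.extend(d for s, d in edges if s == n)
    return {n: sorted(out[n].get(nodes[n][1], set()))
            for n in nodes if nodes[n][0] == "query"}

# Constructed CFG for a PHP fragment (as comments) with an insider-flagged branch.
NODES = {
    1: ("input", "id"),               # $id = $_GET['id'];
    2: ("insider", "tbl"),            # if ($_GET['m'] == 'x') $tbl = $hidden;   (flagged)
    3: ("assign", "tbl"),             # else $tbl = 'users';
    4: ("sanitize", "id"),            # $id = mysql_real_escape_string($id);
    5: ("assign", "q", "tbl", "id"),  # $q = "SELECT * FROM $tbl WHERE id = '$id'";
    6: ("query", "q"),                # mysql_query($q);
    7: ("input", "sort"),             # $sort = $_GET['sort'];
    8: ("query", "sort"),             # mysql_query("SELECT ... ORDER BY " . $sort);
}
EDGES = [(1, 2), (1, 3), (2, 4), (3, 4), (4, 5), (5, 6), (6, 7), (7, 8)]

def demo():
    return analyze(NODES, EDGES, 1)   # {6: ['insider'], 8: ['outsider']}
```

Each node is visited once per change of its incoming level and the lattice is finite, which is the property behind the linear bound the abstract claims; the sanitised $id clears the outsider level, so the first query is reported only for the insider branch.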

SOAP
“SOAP is a protocol specification for invoking methods on servers, services, components and objects. SOAP codifies the existing practice of using XML and HTTP as a method invocation mechanism. The SOAP specification mandates a small number of HTTP headers that facilitate firewall/proxy filtering. The SOAP specification also mandates an XML vocabulary that is used for representing method parameters, return values, and exceptions.” [DevelopMentor]
“SOAP is the Simple Object Access Protocol, a way to create widely distributed, complex computing environments that run over the Internet using existing Internet infrastructure. SOAP is about applications communicating directly with each other over the Internet in a very rich way.” [MS]
[In the context of the Microsoft Windows DNA 2000 solution]: “The key enabler for Microsoft’s vision of integrated, programmable Web services is XML. Through the exchange of XML messages, services can easily describe their capabilities and allow any other service, application or device on the Internet to easily invoke those capabilities. To help realize that vision, Microsoft today is submitting to the Internet Engineering Task Force (IETF) an Internet draft specification for the Simple Object Access Protocol (SOAP), an XML-based mechanism that bridges different object models over the Internet and provides an open mechanism for Web services to communicate with one another.”