Watch for Authentication Bypass Vulnerabilities - Page 2

By  Paul Rubens | Dec 8, 2010
Page 2 of 2   |  Back to Page 1
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

Obscuring restricted URLs

Some Web applications or devices maintain a list of URLs that are restricted and prompt the user for authentication credentials before allowing the user to access these URLS. The question that hackers ask is whether there are alternative URLs, which are not on the "restricted list", which point to the same restricted pages?

For example, imagine a restricted Web page:

http://mycorporatedevice/admin/configuration/

What if a hacker were to append an extra "/" at the end of this URL:

http://mycorporatedevice/admin/configuration//

or add some other character like "?" or "%" or "~"? In some cases these URLs are effectively equivalent, even though they look different. If the authentication mechanism only checks for the original URL but not the variations then it can easily be bypassed.

SQL injection

SQL injection can be used to bypass authentication by fooling a login page into evaluating an expression that is always true instead of checking that a login name and password is valid.

So, for example, the authentication mechanism might involve an expression like:

(authorise a user) WHERE Password='$password'

Using a Web interface, when prompted for his password, a malicious user might enter:

ABC' or '1' = '1

resulting in the query:

(authorize a user) WHERE Password='ABC' OR '1' = '1'

The hacker has effectively injected a whole OR condition into the authentication process. Worse, the condition '1' = '1' is always true, so this SQL query will always result in the authentication process being bypassed.

Preventing authentication bypass vulnerabilities

Authentication bypass vulnerabilities can have so many different root causes that it is impossible to give a comprehensive list of measures to take to prevent them. But steps you can take include:

  • Use the Metasploit penetration testing framework http://www.metasploit.com/ to check for known authentication vulnerabilities in your IT infrastructure.
  • If you are developing your own authentication code, be alert for possible buffer overflow errors or SQL injection vulnerabilities.
  • Be aware of the sorts of vulnerabilities outlined in this article.
  • As ever, ensure that your applications are patched and up to date, and your network hardware is running the latest firmware.
prubens@jupitermedia.com

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter
Helpful Links

  • Yankee Group Mobile WAN Optimization Report

    Mobile work continues to evolve. Your organization must keep up with the demands of its mobile workforce. This report introduces the concept of mobile WAN optimization and provides three case studies including RCM, PRTM and Einstein that highlight how this emerging technology can help IT departments achieve what previously appeared to be conflicting goals. Read >

  • Network Security Resources

    More threats than ever before pose a danger to today's enterprise network. Get the latest tips and intel on the newest risks in our guide to network security resources. Read >

  • Extreme Savings: Cutting Costs with WAN Optimization

    Did you know it's possible to cut IT costs without impacting day-to-day IT operations? In fact, when you download this whitepaper from Riverbed on cost-savings through WAN optimization, you'll discover how businesses of all different sizes have realized a return on investment in just a few months through significant hard cost savings in areas such as bandwidth reduction and IT consolidation. It's called Extreme Savings and its only from Riverbed. Read >