Security Audit

Our Web Application Pentest ( WAP) attempts to address the Owasp top 10 & SANS top 20 web application vulnerabilities and other exploitable loopholes of your web application . Along with it our WAP team also test web applications for Business logic flaws that can directly or indirectly effect the functioning of application.

Trainings

We are here to help you solve your biggest query- where and how to start? CDI has brought various courses in Ethical Hacking in Chandigarh where all you technology lovers will be given the much needed push to move forward and create a niche for yourself in the field. From Beginner to Expert level we have many kinds of training patterns.

Call Us : +91-771045-0011 | +91-771045-0022

OAuth2.0 Protocol Used in Login process of Facebook is vulnerable!

OAuth2.0 is security protocol, which has been used by many social networking websites for user authentication process. Researchers have found two vulnerabilities in this protocol. By performing MITM (Man-in-the-middle) attack hackers can steal credentials of user, due to these flaws.

A couple of vulnerabilities has been found by 3 researchers of Trier University in OAuth2.0 protocol. By Exploiting these vulnerabilities hackers can subvert single sign-on-system. Google+, Facebook and many other sites are using this protocol in user authentication process. Ralf Küsters,Daniel Fett and Guido Schmitz are these three security researchers.

According to the researchers, first flaw is known as HTTP 307 Temporary Redirect. In this flaw IdP (identity providers) will forward credentials of users to attacker which is a RP (Replying Party). These credentials are username and password. In second flaw network hacker can act like actual user by making fool of RP (Replying Party).

In HTTP 307 hackers can steal users credentials by redirecting him to another link. Hackers can learn the user name and password of user when he logs in because IdP will use a wrong status code of HTTP redirection which will be set by hacker.

To fix this flaw, use of only HTTP 303 code in OAuth2.0 is mandatory. It is safe beacuse it do not allow ambiguity.

Using second flaw attackers can attack on Replying Party (RP) website. RP will be confused by attacker in chosing the right IdP during authntication process. RP will not understand which token has been used by request in the starting of authentication process and which is used in the ending stage of process.

Attacker can do this by performing a man-in-the-middle (MITM) attack. Hacker can change the data of user and can make fool of Replying Party. RP thinks that this data has been sent by actual user.

To fix this problem, Identity of IdP is must in OAuth's redirection process. If we want a unique redirection endpoint for every IdP, the information redirected by browser to the Replying Party (RP) should be encoded in the request. By doing this RP will be able to detect all the mismathces in request.

Source: scmagazine.com

Crossfire Thanks..

Apr 23, 2016

Leave a Reply

Name
Email id
Contact No
Comment

See more of Cyber Intelligence by logging in.
Connect with cyber security experts,Discover job opportunities,Online Training, Information Security Advisory and lot more.