Non-Unique Usernames

Some applications that support self-registration allow users to specify their own username, and do not enforce a requirement that usernames be unique. Although rare, the authors have encountered more than one application with this behavior. This represents a design flaw for two reasons: ■ One user who shares a username with another user may also …

User Impersonation Functionality

Some applications implement the facility for a privileged user of the application to impersonate other users, in order to access data and carry out actions within their user context. For example, some banking applications allow helpdesk operators to verbally authenticate a telephone user and then switch their application session into that user’s context in order …

“Remember Me” Functionality

Applications often implement “remember me” functions as a convenience to users, so that they need not re-enter their username and password each time they use the application from a specific computer. These functions are often insecure by design and leave the user exposed to attack both locally and by users on other computers: ■ Some …
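The two designs contrasted below are an added example, not code from the book or from any application it describes. The insecure pair reproduces the weak pattern the text criticizes: the cookie is nothing more than the username, so anyone who can set a cookie can log in as anyone. The hardened `RememberMeStore` is one sound way to build the feature: the cookie carries a random selector plus a random verifier, the server stores only a hash of the verifier, comparison is constant-time, tokens expire, and a wrong verifier for a known selector revokes that token on the assumption that it was stolen. The 30-day lifetime and the `selector:verifier` cookie layout are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 30 * 24 * 3600  # assumed 30-day token lifetime


# --- The insecure pattern: cookie value is just the username -------------
def insecure_cookie_for(username):
    """Emits a 'remember me' cookie whose value is the bare username."""
    return username


def insecure_redeem(cookie):
    """Trusts whatever username the client presents. Anyone who can write a
    cookie can impersonate any account, including accounts that never opted in."""
    return cookie


# --- A hardened design: random token, hashed server-side, with expiry ----
class RememberMeStore:
    """Server-side table of persistent-login tokens.

    Only a SHA-256 hash of each verifier is stored, so a leak of this table
    does not yield usable cookies. The selector is a non-secret lookup key so
    that the database query itself does not depend on the secret part."""

    def __init__(self):
        self._rows = {}  # selector -> (username, verifier_hash, expires_at)

    def issue(self, username, now=None):
        """Creates a token for `username` and returns the cookie value."""
        now = time.time() if now is None else now
        selector = secrets.token_urlsafe(12)   # lookup key, not secret
        verifier = secrets.token_urlsafe(32)   # the actual secret
        self._rows[selector] = (
            username,
            hashlib.sha256(verifier.encode()).digest(),
            now + TOKEN_TTL_SECONDS,
        )
        return f"{selector}:{verifier}"

    def redeem(self, cookie, now=None):
        """Returns the username for a valid cookie, else None."""
        now = time.time() if now is None else now
        try:
            selector, verifier = cookie.split(":", 1)
        except ValueError:
            return None
        row = self._rows.get(selector)
        if row is None:
            return None
        username, stored_hash, expires_at = row
        presented = hashlib.sha256(verifier.encode()).digest()
        if not hmac.compare_digest(presented, stored_hash):
            # Real selector, wrong secret: treat as theft and revoke the token.
            del self._rows[selector]
            return None
        if now > expires_at:
            del self._rows[selector]
            return None
        return username

    def revoke_all(self, username):
        """Invalidates every token for a user, e.g. after a password change."""
        for selector in [s for s, r in self._rows.items() if r[0] == username]:
            del self._rows[selector]
```

In a real deployment the cookie would also be marked `Secure` and `HttpOnly`, and the table would be persisted rather than held in memory; neither changes the logic above.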

Password Change Functionality

Surprisingly, many web applications do not provide any way for users to change their password. However, this functionality is necessary for a well-designed authentication mechanism for two reasons: ■ Periodic enforced password change mitigates the threat of password compromise by reducing the window in which a given password can be targeted in a guessing …

Vulnerable Transmission of Credentials

If an application uses an unencrypted HTTP connection to transmit login credentials, an eavesdropper who is suitably positioned on the network will of course be able to intercept them. Depending on the user’s location, potential eavesdroppers may reside: ■ On the user’s local network ■ Within the user’s IT department ■ Within the user’s ISP …

Handling Client-Side Data Securely

Transmitting Data via the Client

Many applications leave themselves exposed because they transmit critical data such as product prices and discount rates via the client in an unsafe manner. If possible, applications should avoid transmitting this kind of data via the client altogether. In virtually any conceivable scenario, it is possible to hold such data …
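As an added example (not code from the book or from any application it discusses), the order-pricing handlers below show the flaw and the fix side by side. `price_order_vulnerable` takes the unit price and discount from the submitted form, the pattern the text warns against, so a shopper who edits a hidden field pays whatever they like. `price_order_hardened` accepts only a product identifier, a quantity and a discount code from the client and resolves every monetary value server-side. The catalogue, the discount codes and the quantity limit are constructed for the example.

```python
# Constructed catalogue and discount table; in a real application these
# live in the database and are never sent to the client as editable values.
CATALOGUE = {
    "SKU-100": {"name": "Widget", "price_cents": 4999},
    "SKU-200": {"name": "Gadget", "price_cents": 1500},
}
DISCOUNT_CODES = {"WELCOME10": 10}  # code -> percent off
MAX_QTY = 99


class OrderError(ValueError):
    """Raised when a submitted order cannot be priced safely."""


def price_order_vulnerable(form):
    """Prices an order from client-supplied price and discount fields.

    This mirrors the insecure design: hidden fields such as price_cents and
    discount_pct are trusted, so a tampered request sets its own price."""
    price = int(form["price_cents"])
    discount = int(form.get("discount_pct", 0))
    qty = int(form["qty"])
    return qty * price * (100 - discount) // 100


def price_order_hardened(form):
    """Prices an order using only identifiers from the client.

    The unit price comes from the server-side catalogue and the discount from
    the server-side code table; unexpected or out-of-range input is rejected
    rather than defaulted. Returns the total in cents."""
    item = CATALOGUE.get(form.get("sku"))
    if item is None:
        raise OrderError("unknown product")

    try:
        qty = int(form.get("qty", "1"))
    except (TypeError, ValueError):
        raise OrderError("quantity is not a number")
    if not 1 <= qty <= MAX_QTY:
        raise OrderError("quantity out of range")

    discount = 0
    code = form.get("discount_code")
    if code is not None:
        if code not in DISCOUNT_CODES:
            raise OrderError("invalid discount code")
        discount = DISCOUNT_CODES[code]

    return qty * item["price_cents"] * (100 - discount) // 100


if __name__ == "__main__":
    # A request where the client has rewritten the hidden price fields.
    tampered = {"sku": "SKU-100", "qty": "2",
                "price_cents": "1", "discount_pct": "99"}
    print("vulnerable:", price_order_vulnerable(tampered))  # attacker-chosen
    print("hardened:  ", price_order_hardened(tampered))    # catalogue price
```

Note that the hardened handler ignores `price_cents` and `discount_pct` entirely rather than validating them: a value the server already knows should never be accepted from the client at all.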

ActiveX Controls

ActiveX controls are a much more heavyweight technology than Java applets. They are effectively native Win32 executables that, once accepted and installed by the user, execute with the full privileges of that user and can carry out arbitrary actions, including interacting with the operating system. ActiveX can be used to implement practically any client-side control, …