tl;dr While the TLS servers attacks has been pretty much studied and fixed (see e.g. https://www.secure-resumption.com/ and https://weakdh.org/ ) the situation with the TLS clients is (was) not ideal and can be improved. Here I report a Small subgroup attack for TLS clients that I performed against various browsers and reported. Whoever reads this blog is used to read about OAuth . For once (and maybe more in the future) let's hijack the usual topic and let's talk about my new "passion" : TLS in particular Diffie–Hellman (DH from now on). Now, before to start I need to clarify one thing IANAC (I am not a cryptographer) so I might likely end up writing a bunch of mistakes in this blog post... Diffie-Hellman is used in SSL/TLS, as "ephemeral Diffie-Hellman" (EDH) and it is probably going to be kill soonish (or at least is the intent of Google Chrome ). FWIW I personally agree with this unless EDH implements the Negotiated Finite Field specification
Posts
Some time ago I posted a blogpost abut Top 5 OAuth 2 Implementation Vulnerabilities . This week I have extended the list while presenting Top X OAuth 2 Hacks at OWASP Switzerland. This blog post (like the presentation) is just a collection of interesting attack OAuth related. #10 The Postman Always Rings Twice I have introduced this 'attack' in last year post . This is for provider implementer , it is not extremely severe but, hey, is better to follow the spec. Specifically The client MUST NOT use the authorization code more than once. If an authorization code is used more than once, the authorization server MUST deny the request and SHOULD revoke (when possible) all tokens previously issued based on that authorization code. It turned out that even Facebook and Google did it wrong ... :) #9 Match Point To all OAuth Providers be sure to follow section 4.1.3 of the spec in particular ...if the "redirect_uri" parameter was included in the
tl;dr in this blog post we are going to give a look at modern browsers's protection with some hands on example available at https://github.com/asanso/browsers-security and deployed in Heroku . This blog post is NOT about Same-origin policy Introduction In this blog post we are going to give a look at modern browsers's protection. More specifically if you are designing a REST API where the result response is driven by some user input, then why not have some help from the browser rather than brewing some ad hoc protection? I am going to provide some demo deployed in Heroku . If you prefer running them on your machine you might want to clone https://github.com/asanso/browsers-security and drill down into the specific example. Mind your content type By definition Content-Type entity-header field indicates the media type of the entity-body sent to the recipient or, in the case of the HEAD method, the media type that would have been sent had the request b
In a previous blogpost we have already analyzed a token hijack on one OAuth integration between some Microsoft and Google service and seen what went wrong. Now it is time to see yet another integration between Microsoft and xxxx (unluckily I can't disclose the name of the other company due the fact the haven't still fixed a related issue...) and see some fallacy. But before to focus on the attack we might need a bit of introduction. HTTP referrer An HTTP referrer (misspelled as referer in the spec) is a special HTTP header field that browsers (and http clients in general) attach when surfing from a page to another. In this way the new webpage can see where the request originated. One extra thing to point out is that as per section 15.1.3 (Encoding Sensitive Information in URI's) of HTTP RFC [RFC 2616]: Clients SHOULD NOT include a Referer header field in a (non-secure) HTTP request if the referring page was transferred with a secure protocol. This is summarized
tl;dr Apple Safari for OS X was prone to URI spoofing vulnerability (and more general a user interface spoofing). Apple released security updates for Safari 9 on OS X and assigned CVE-2015-5764. Accidentally this vulnerability was also present in iOS. Instant demo In Safari up to 8.0.8 : go to https://asanso.github.io/CVE-2015-5764/file0.html click "click me!" notice the address bar being "data:text/html,%3CH1%3EHi!!%3C/H1%3E" go back using the browser button click "click me!" notice the address bar being http://www.intothesymmetry.com/CVE-2015-5764/file0.php !!!! Well this looks a clear caching problem to me, right :) ? The Introduction (Oldie but goldie) Several months ago (almost a year!!) I was reading the great book written by lcamtuf (aka Michal Zalewski) named The Tangled Web . I know, I know I was a bit late for the party :) Said that, this book contained a really interesting Chapter (for the record Chapter 10) that is de
Justin Richer and myself have been writing a book about OAuth . It gives a deep look at the OAuth 2.0 protocol including hands on examples and practical implementation vulnerabilities to avoid. You can preorder the book today or you can download the first chapter for free on the publisher’s website: https://www.manning.com/books/oauth-2-in-action Happy reading!! p.s. for the next few days, you can order it at half-off with the code mloauth2
Damien Antipa and me love browser security. Hence we always keep up to date on what is going on this field. Few months ago Christian Schneider blogged about Chrome SOP Bypass with SVG . We decided to poke some other browser using the same technique and the outcome was CVE-2015-3753 . The SOP-bypass for images works with Safari up to 8.0.7 We were able indeed to bypass the SOP for images served with 302 and with the data protocol (e.g. data:image/png;base64) and exfiltrate the image. You can find the detail of the issue in the mentioned blog post from Christian (our attack did not make use of the browser cache though) Step to reproduce with Safari 8.0.7 : Open the attacker page http://asanso.github.io/test. html username/password of the contained image are sop/sop - click "exploit step 1" (this is just an intermediate step to load the image) - click "exploit step 2" and appreciate the exfiltrated image in the alert message (substring) and the fu
Here we go again.... I have already blogged about (OAuth) token hijacks [1] [2] , but hey, things happens and re-happens :) In the past I had mainly focused my attention on Authorization Servers weakness. As the cited Facebook's vulnerable regex pattern matching for redirect_uri. It turns out that also OAuth client can screw things up and leak token (or authorization codes). So here is the tl;dr: If you are building an OAuth client, Thou shall register a redirect_uri as much as specific as you can i.e. if your OAuth client callback is https://yourouauthclient.com/oauth/oauthprovider/callback then DO register https://yourouauthclient.com/oauth/oauthprovider/callback NOT JUST h ttps://yourouauthclient.com/ or https://yourouauthclient.com/oauth The main reason behind this is that sometimes Authorization Server (AS) use exotic and unexpected redirect_uri validation policies. As mentioned in some previous post the ONLY safe validation method the Authorization
So another year passed by and I will talk ( again , ... ) at the Connect WE conference . This year with Damien Antipa we will have a speech entitled So, you wanna crypto (in AEM) . Now, is true that even symmetric encryption isn't a “solved problem” but hey we still need to protect information et al :) Now is probably well known that messing up with cryptography isn't that hard :p Luckily Adobe Experience Manager (AEM) offers a great suite of cryptography capabilities as : Encryption and decryption API Integrity protection API Key pair generation TrustStore/KeyStore support In this talk we will show how to use those low level building crypto building blocks to solve scalability and resilience problems i.e. improving the efficiency of load balancing with horizontal scalability and providing a transparent stateless CSRF framework .
tl;dr The Internet Bug Bounty rewarded me with a bounty for an Open Redirect in rfc6749 aka 'The OAuth 2.0 Authorization Framework' . Here the long version. The Introduction Several months ago I did realize that if you want to implement an OAuth Authorization Server and follow verbatim the OAuth core spec you might end up having an Open Redirect. Now there is still some debate about this class of vulnerability since often they are relatively benign but not always (as we can see later). Despite all at that point I notified the OAuth working group . There was some longish discussion but eventually (almost) all in the list agreed that this was somehow an issue (no where near the end of the world :)). The Issue Section 4.1.2.1 of the OAuth specification says: If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the r