[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <42831298.9090501@sigsegv.cx>
Date: Thu, 12 May 2005 09:23:52 +0100
From: Anton Ivanov <arivanov@...segv.cx>
To: Michal Zalewski <lcamtuf@...il.com>
Cc: bugtraq@...urityfocus.com
Subject: Re: ASP.NET __VIEWSTATE crypto validation prone to replay attacks
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
One more example.
http://www.theregister.co.uk/2005/05/11/ms_gatekeeper_test_fiasco/
It looks like someone already used this to rig his scores in the
Microsoft Security Professional competition.
ROFL.
A.
Michal Zalewski wrote:
| I would also like to point all concerned to an excellent post about
| replay attacks on __VIEWSTATE; the post is by Scott Mitchell, the
| guy who authored the MSDN article I initially referred to [1]:
|
| http://scottonwriting.net/sowblog/posts/3747.aspx
|
| His article is aimed at developers; Scott explains the issue I
| reported in a way that makes it perhaps more clear why putting user
| ID, session ID, or other similar data in __VIEWSTATE is not a
| remedy by itself, and why reposting __VIEWSTATE is dangerous
| despite target script location checks.
|
| [1]
| http://msdn.microsoft.com/library/en-us/dnaspp/html/viewstate.asp
|
| Cheers, /mz
|
- --
La Châtelier's Law:
~ If some stress is brought to bear on a system in equilibrium,
the equilibrium is displaced in the direction which tends to undo the
effect of the stress.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCgxKX/NpXLt3l5xURAoCRAKCST0nfsIav2YahTueJdgyl1sjfIQCgwRhm
L/0uD824ZveBMYbo9yi1ErI=
=0rM6
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists