Naziv
|
Manipulating Opaque Client-based Data Tokens
|
Sažetak
|
In circumstances where an application holds important data client-side in tokens (cookies, URLs, data files, and so forth) that data can be manipulated. If client or server-side application components reinterpret that data as authentication tokens or data (such as store item pricing or wallet information) then even opaquely manipulating that data may bear fruit for an Attacker. In this pattern an attacker undermines the assumption that client side tokens have been adequately protected from tampering through use of encryption or obfuscation.
|
Preduvjeti
|
An attacker already has some access to the system or can steal the client based data tokens from another user who has access to the system.|For an Attacker to viably execute this attack, some data (later interpreted by the application) must be held client-side in a way that can be manipulated without detection. This means that the data or tokens are not CRCd as part of their value or through a separate meta-data store elsewhere.
|
Rješenja
|
['One solution to this problem is to protect encrypted data with a CRC of some sort. If knowing who last manipulated the data is important, then using a cryptographic "message authentication code" (or hMAC) is prescribed. However, this guidance is not a panacea. In particular, any value created by (and therefore encrypted by) the client, which itself is a "malicious" value, all the protective cryptography in the world can\'t make the value \'correct\' again. Put simply, if the client has control over the whole process of generating and encoding the value, then simply protecting its integrity doesn\'t help.', 'Make sure to protect client side authentication tokens for confidentiality (encryption) and integrity (signed hash)', 'Make sure that all session tokens use a good source of randomness', 'Perform validation on the server side to make sure that client side data tokens are consistent with what is expected.']
|