Web Server Misconfiguration: HTTP Basic Authentication (HTTP Basic Logins Sent Over Unencrypted Connection)

Web Server Misconfiguration: HTTP Basic Authentication (HTTP Basic Logins Sent Over Unencrypted Connection)

Web 服務器配置錯誤:HTTP 基本身份驗證(通過未加密連接發送的 HTTP 基本登錄)


 Description:

Any area of a web application that possibly contains sensitive information or access to privileged functionality such as remote site administration functionality should utilize SSL or another form of encryption to prevent login information from being sniffed or otherwise intercepted or stolen. ~FullURL~ has failed this policy. 

Recommendations include ensuring that sensitive areas of your web application have proper encryption protocols in place to prevent login information and other data that could be helpful to an attacker from being intercepted.




An attacker who exploited this design vulnerability would be able to utilize the information to escalate their method of attack, possibly leading to impersonation of a legitimate user, the theft of proprietary data, or execution of actions not intended by the application developers.

利用此設計漏洞的攻擊者將能夠利用這些信息來升級他們的攻擊方法,可能導致冒充合法用戶、盜竊專有數據或執行應用程序開發人員不打算執行的操作。


Recommendation:


For Security Operations and Development:

Ensure that sensitive areas of your web application have proper encryption protocols in place to prevent login information and other data that could be helpful to an attacker from being intercepted.

確保您的 Web 應用程序的敏感區域具有適當的加密協議,以防止登錄信息和其他可能有助於攻擊者的數據被攔截。


For QA:

Test the application not only from the perspective of a normal user, but also from the perspective of a malicious one.

不僅要從普通用戶的角度測試應用程序,還要從惡意用戶的角度測試應用程序。



GET /download/ HTTP/1.1<br>Referer: http://10.107.34.210/pscgi.cgi?PAGE=LoginForm<br>Accept: */*<br>Pragma: no-cache<br>Accept-Encoding: gzip, deflate<br>User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0<br>Host: 10.107.34.210<br>Connection: Keep-Alive<br>X-WIPP: AscVersion=21.1.0.137<br>X-Scan-Memo: Category="Audit.Attack";SID="69ECD6035ECFBD2E940B3819DE968195";PSID="C1962C624D3EC2913599135248395B94";SessionType="AuditAttack";CrawlType="None";AttackType="Search";OriginatingEngineID="ae34b422-6357-4aca-8fe7-7e449e14c9b7";AttackSequence="0";AttackParamDesc="";AttackParamIndex="0";AttackParamSubIndex="0";CheckId="10219";Engine="Directory+Enumeration";SmartMode="4";tht="11";<br>X-RequestManager-Memo: stid="9";stmi="0";sc="1";rid="f43ea027";<br>X-Request-Memo: rid="f4147f97";sc="1";thid="20";<br>Cookie: CustomCookie=WebInspect181496ZX0AC42CE040A9445F81C859CE955F41CEY624F<br><br>


HTTP/1.1 401 Unauthorized<br>Date: Thu, 06 Oct 2022 10:03:52 GMT<br>Server: Apache<br>WWW-Authenticate: Basic realm="ITA_profile"<br>Content-Length: 381<br>Keep-Alive: timeout=5, max=7<br>Connection: Keep-Alive<br>Content-Type: text/html; charset=iso-8859-1<br><br><!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><br><html><head><br><title>401 Unauthorized</title><br></head><body><br><h1>Unauthorized</h1><br><p>This server could not verify that you<br>are authorized to access the document<br>requested. Either you supplied the wrong<br>credentials (e.g., bad password), or your<br>browser doesn't understand how to supply<br>the credentials required.</p><br></body></html><br>



留言

張貼留言

這個網誌中的熱門文章

10.29 Slow HTTP Denial of Service Attack (Slowloris)

站長日誌 109.10.29 弱點掃描偵測到Slow HTTP Denial of Service Attack弱點一隻 Server-Specific Recommendations Applying the above steps to the HTTP servers tested in the previous article indicates the following server-specific settings: Apache Using the < Limit > and < LimitExcept > directives to drop requests with methods not supported by the URL alone won’t help, because Apache waits for the entire request to complete before applying these directives. Therefore, use these parameters in conjunction with the  LimitRequestFields ,  LimitRequestFieldSize ,  LimitRequestBody ,  LimitRequestLine ,  LimitXMLRequestBody  directives as appropriate. For example, it is unlikely that your web app requires an 8190 byte header, or an unlimited body size, or 100 headers per request, as most default configurations have.  Set reasonable  TimeOut  and  KeepAliveTimeOut  directive values. The default value of 300 seconds for  TimeOut  is overkill for most situations. ListenBackLog ’s default value of 511 cou
閱讀完整內容

在CentOS 8 Stream安裝NTP Client與設定時區

sudo dnf install chrony vi /etc/chrony.conf 加入 server tock.stdtime.gov.tw sudo systemctl enable chronyd sudo systemctl start chronyd sudo timedatectl set-timezone Asia/Taipei date ls -l /etc/localtime 在Fortigate設定NTP自動校準時間 Use this command to configure Network Time Protocol (NTP) servers. The Network Time Protocol enables you to keep the FortiGate time in sync with other network systems. By enabling NTP on the FortiGate, FortiOS will check with the NTP server you select at the configured intervals. This will also ensure that logs and other time-sensitive settings on the FortiGate are correct. The FortiGate maintains its internal clock using a built-in battery. At start up, the time reported by the FortiGate will indicate the hardware clock time, which may not be accurate. When using NTP, the system time might change after the FortiGate has successfully obtained the time from a configured NTP server. config system ntp set ntpsync {enable | disable} Enable/disable setting the Forti
閱讀完整內容

Update Pattern of TrendMicro AntiVirus Software - ServerProtect

使用指令更新 SPLX 掃瞄引擎與病毒碼 1. 打開終端機指令並使用 root 登入 2. 在終端機輸入以下指令: /opt/TrendMicro/SProtectLinux/SPLX.vsapiapp/splxmain -u 確認您的病毒碼與掃描引擎版本 在終端機執行指令:ps aux | grep splxmain 指令將顯示一些相似的訊息: root 14913 0.0 0.1 3568 624 pts/2 S 04:51 0:00 /opt/TrendMicro/SProtectLinux/ /SPLX.vsapiapp/splxmain -u 至/opt/TrendMicro/SProtectLinux/目錄並且確認更新的病毒碼檔案 lpt$vpn.xxx (xxx 代表現在的病毒碼版本) 病毒碼更新完成,請在相同目錄下如步驟輸入以下指令: ls -al *vpn.xxx (xxx 代表現在的病毒碼版本) ls -al libvsapi.so (掃描引擎檔案) 確認掃描引擎更新成功,兩個檔案的時間與日期戳記將會相同
閱讀完整內容