AttackFlow Findings Dictionary


Insecure Legacy Forms Authentication

Attackers can log in to the application as other users.

Severity

Urgent

Fix Cost

High

Trust Level

High

The ASP.NET Forms Authentication mechanism has a vulnerability that allows attackers to submit unvalidated input when registering with an application and then log in as other users.

Newer ASP.NET versions patch the vulnerability by changing the input validation strategy. However, the presence of the legacy directive below reverts the fixed mechanism to the unfixed one.

                            
<appSettings>
<add key="aspnet:UseLegacyFormsAuthenticationTicketCompatibility" value="true" />
</appSettings>
...
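
An added example, not part of the original page or of AttackFlow: a Python check that reports whether a web.config leaves the legacy switch on, including when the entry is later removed or the file declares an XML namespace. The function names and sample configs are constructed; it assumes appSettings keys are case-insensitive, a later add replaces an earlier one, and the value is read as a boolean.

```python
import xml.etree.ElementTree as ET

LEGACY_KEY = "aspnet:uselegacyformsauthenticationticketcompatibility"

def _local(tag):
    # Drop an XML namespace prefix such as {http://...}appSettings.
    return tag.rsplit("}", 1)[-1]

def effective_app_settings(section):
    """Replay <add>/<remove>/<clear> in document order.

    Assumption: keys compare case-insensitively and a later <add>
    replaces an earlier one for the same key.
    """
    values = {}
    for child in section:
        name = _local(child.tag)
        key = (child.get("key") or "").lower()
        if name == "add":
            values[key] = child.get("value") or ""
        elif name == "remove":
            values.pop(key, None)
        elif name == "clear":
            values.clear()
    return values

def legacy_ticket_mode_enabled(web_config_xml):
    """True if any <appSettings> block leaves the legacy switch on."""
    root = ET.fromstring(web_config_xml)
    for element in root.iter():
        if _local(element.tag) != "appSettings":
            continue
        value = effective_app_settings(element).get(LEGACY_KEY, "")
        # Assumption: the value is parsed as a boolean, so "True" and
        # " true " count as enabled.
        if value.strip().lower() == "true":
            return True
    return False

# Constructed sample configs (not taken from a real application).
FLAGGED = """<configuration><appSettings>
  <add key="aspnet:UseLegacyFormsAuthenticationTicketCompatibility" value="True" />
</appSettings></configuration>"""

REMOVED = """<configuration><appSettings>
  <add key="aspnet:UseLegacyFormsAuthenticationTicketCompatibility" value="true" />
  <remove key="aspnet:UseLegacyFormsAuthenticationTicketCompatibility" />
</appSettings></configuration>"""
```

A plain text search for the key would flag both samples; replaying the section shows that only the first one ends up with the switch enabled.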
            
            
