AttackFlow Findings Dictionary


Insecure Password Storage Forms Authentication

Leveraging a privilege escalation, attackers can easily gather user passwords, since these are kept using weak cryptographic mechanisms.

Severity

Medium

Fix Cost

Medium

Trust Level

High

The ASP.NET Forms Authentication mechanism optionally supports defining user name and password credentials within the configuration file. For prototyping purposes or very small and basic applications, this way of keeping user credentials in Web.config for Forms Authentication is workable.

The configuration example below defines Forms Authentication with credentials whose passwords are kept as MD5 hashes. Anybody with permission to view Web.config (through a vulnerability or in the normal flow) can read the application users' passwords as cryptographic digests; since MD5 is easy to crack, either by brute force or with online rainbow tables, this storage method proves to be insecure.

<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login" timeout="1440">
        <credentials passwordFormat="MD5">
          <user name="admin" password="ab4725ecba07494762aacff12" />
        </credentials>
      </forms>
    </authentication>
…
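As an added example (not AttackFlow's own code), the following script checks a Web.config for this finding: it walks every <forms><credentials> element and reports each <user> together with the passwordFormat in effect. The function name, the WEAK_FORMATS table and both Web.config fragments are constructed for illustration; the only assumption beyond the page is that ASP.NET treats a missing passwordFormat attribute as SHA1, which is its documented default.

```python
import xml.etree.ElementTree as ET

# passwordFormat values ASP.NET accepts on <credentials>. Clear is plaintext;
# MD5 and SHA1 are fast, unsalted digests that are cheap to brute-force.
WEAK_FORMATS = {
    "Clear": "password stored in plaintext",
    "MD5": "unsalted MD5 digest, easily cracked",
    "SHA1": "unsalted SHA1 digest, easily cracked",
}

def find_weak_credentials(web_config_xml: str) -> list:
    """Return one finding per <user> kept under <forms><credentials>.

    Every passwordFormat ASP.NET supports here is weak, so any <user>
    element is reported; the finding records which format applied.
    """
    root = ET.fromstring(web_config_xml)
    findings = []
    for forms in root.iter("forms"):
        for creds in forms.findall("credentials"):
            # ASP.NET defaults passwordFormat to SHA1 when the attribute is absent.
            fmt = creds.get("passwordFormat", "SHA1")
            for user in creds.findall("user"):
                findings.append({
                    "user": user.get("name"),
                    "format": fmt,
                    "reason": WEAK_FORMATS.get(fmt, "unrecognised passwordFormat"),
                })
    return findings

# Constructed Web.config fragments (not taken from any real application).
WEAK_CONFIG = """<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login" timeout="1440">
        <credentials passwordFormat="MD5">
          <user name="admin" password="ab4725ecba07494762aacff12" />
          <user name="auditor" password="0123456789abcdef0123456789abcdef" />
        </credentials>
      </forms>
    </authentication>
  </system.web>
</configuration>"""

# Same forms settings, but no credentials kept in Web.config at all.
SAFE_CONFIG = """<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login" timeout="1440" />
    </authentication>
  </system.web>
</configuration>"""

if __name__ == "__main__":
    for f in find_weak_credentials(WEAK_CONFIG):
        print(f"[weak] user={f['user']} format={f['format']}: {f['reason']}")
```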
