AttackFlow Findings Dictionary


Insecure Plaintext Passwords Forms Authentication

By leveraging a privilege escalation, attackers can easily gather user passwords because they are stored in plaintext.

Severity

High

Fix Cost

Medium

Trust Level

High

The ASP.NET Forms Authentication mechanism optionally supports defining user name and password credentials within the configuration file. For prototyping or for very small, basic applications, keeping user credentials in Web.config this way is workable.

The configuration example below defines Forms Authentication with credentials whose passwords are kept in cleartext. Anybody who has view permission for Web.config (through a vulnerability or through normal flow) can view the application users' passwords.

                            
<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login" timeout="1440">
        <credentials passwordFormat="Clear">
          <user name="admin" password="secret" />
        </credentials>
      </forms>
    </authentication>
…
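One way to check a Web.config for this finding, added here as an example and not AttackFlow's own code: it parses the file and lists the users defined under a credentials element with passwordFormat="Clear", without echoing the passwords. The sample config is the fragment above with closing tags added so that it parses, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's fragment, closed off so that it is well-formed.
SAMPLE_WEB_CONFIG = """\
<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login" timeout="1440">
        <credentials passwordFormat="Clear">
          <user name="admin" password="secret" />
        </credentials>
      </forms>
    </authentication>
  </system.web>
</configuration>
"""


def _local(tag):
    """Strip an XML namespace prefix such as '{uri}forms' down to 'forms'."""
    return tag.rsplit("}", 1)[-1]


def find_cleartext_credentials(config_xml):
    """Return the user names stored under <credentials passwordFormat="Clear">.

    Passwords are never returned or printed, so the report is safe to log.
    """
    root = ET.fromstring(config_xml)
    findings = []
    # Walk every element so <system.web> nested in <location> is covered too.
    for forms in root.iter():
        if _local(forms.tag) != "forms":
            continue
        for creds in forms:
            if _local(creds.tag) != "credentials":
                continue
            if creds.get("passwordFormat", "").strip().lower() != "clear":
                continue
            findings.extend(
                user.get("name", "<unnamed>")
                for user in creds
                if _local(user.tag) == "user"
            )
    return findings


if __name__ == "__main__":
    for name in find_cleartext_credentials(SAMPLE_WEB_CONFIG):
        print(f"cleartext password stored in Web.config for user: {name}")
```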
            
            
