AttackFlow Findings Dictionary


WCF Unsafe Certificate Validation

An attacker positioned between the client and the server (a man in the middle) can present a certificate the client should reject and read the traffic in cleartext, including usernames, passwords, credit card numbers and similar secrets.

Severity

Critical

Fix Cost

Medium

Trust Level

High

SSL/TLS is the de-facto standard for providing end-to-end confidentiality and integrity between clients and a server over HTTP.

Administrators of HTTPS servers obtain certificates from trusted certificate authorities and present them to user agents during the connection handshake. The user agent (a browser, or a client library such as WCF) then applies several checks to make sure the user is connecting to the intended server. A few of these checks:

  • The domain name on the certificate should match the target domain name the user wants to connect to
  • The certificate shouldn't be expired
  • The certificate shouldn't be revoked
  • The certificate should be signed by a certificate authority in the trust store (prebuilt into browsers and operating systems), i.e. it must chain to a trusted root

If any of these checks fails, the end user is shown a warning that the connection isn't secure. For end users this warning is the single most important defence against attackers executing man-in-the-middle attacks with techniques such as ARP poisoning.

Sometimes, during testing, we write code that connects to a test server which has a self-signed SSL certificate. A self-signed certificate can't provide the assurance the checks above are meant to give, but certificates from a public authority cost money and take time to acquire, so self-signed certificates are commonly installed on test servers.

WCF clients that connect to one of these test servers fail because of the last check listed above: WCF's default certificateValidationMode is ChainTrust, which requires the server certificate to chain to a trusted root. In order to "fix" this, developers temporarily disable the chain-of-trust check by setting the CertificateValidationMode property to one of the unsafe values, which either skips validation entirely or accepts certificates that merely sit in the local TrustedPeople store. The danger is that such a "temporary" setting lives in a configuration file and is easily shipped to production, where any certificate (or any certificate an attacker can get into that store) is accepted without a warning.

For example (the original snippet was cut off; the closing tags are restored here):

    <system.serviceModel>
      <behaviors>
        <endpointBehaviors>
          <behavior>
            <clientCredentials>
              <serviceCertificate>
                <authentication certificateValidationMode="PeerTrust"/>
              </serviceCertificate>
            </clientCredentials>
          </behavior>
        </endpointBehaviors>
      </behaviors>
    </system.serviceModel>

Another possible place for these unsafe values, the peer-authentication settings for peer channels:

    <system.serviceModel>
      <behaviors>
        <endpointBehaviors>
          <behavior>
            <clientCredentials>
              <peer>
                <peerAuthentication certificateValidationMode="PeerTrust" />
                ...

Yet another one, the message-sender authentication for peer channels:

    <system.serviceModel>
      <behaviors>
        <endpointBehaviors>
          <behavior>
            <clientCredentials>
              <peer>
                <messageSenderAuthentication certificateValidationMode="PeerTrust"/>
              </peer>
              ...

Possible unsafe values for certificateValidationMode are:

  • None: no validation at all; any certificate is accepted
  • PeerTrust: the certificate is accepted if it is present in the TrustedPeople certificate store, with no chain validation
  • PeerOrChainTrust: the certificate is accepted if either of the PeerTrust or ChainTrust conditions holds

The safe setting is ChainTrust (the default), ideally combined with revocationMode="Online" so that the revocation check listed above is also performed. If a self-signed test certificate is unavoidable, keep the relaxed setting in a test-only configuration rather than in the configuration that is deployed.
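The following scanner is an added example for this finding, not AttackFlow's own detection code. It parses a WCF client configuration with Python's standard XML parser, walks the three locations shown above under <clientCredentials>, and reports every certificateValidationMode set to one of the unsafe values. An absent attribute is not reported, because WCF then uses the ChainTrust default. Both sample configurations are constructed for the example; the second one shows the corrected setting (ChainTrust with online revocation checking) and is expected to produce no findings.

```python
"""Scan WCF client configuration for unsafe certificateValidationMode values.

Added example for this finding (not AttackFlow code). The sample configs
below are constructed for the example.
"""
import xml.etree.ElementTree as ET

# Values the finding lists as unsafe.
UNSAFE_MODES = {"None", "PeerTrust", "PeerOrChainTrust"}

# Paths relative to <clientCredentials> where WCF reads the attribute.
CHECKED_PATHS = (
    "serviceCertificate/authentication",
    "peer/peerAuthentication",
    "peer/messageSenderAuthentication",
)


def find_unsafe_validation(config_xml):
    """Return one finding per unsafe certificateValidationMode in the config.

    A missing attribute is not reported: WCF defaults it to ChainTrust, which
    enforces the chain-of-trust check this finding is about.
    """
    root = ET.fromstring(config_xml)
    findings = []
    for behavior in root.iter("behavior"):
        name = behavior.get("name", "(default)")
        for creds in behavior.iter("clientCredentials"):
            for path in CHECKED_PATHS:
                for elem in creds.findall(path):
                    mode = elem.get("certificateValidationMode")
                    if mode in UNSAFE_MODES:
                        findings.append({"behavior": name, "element": path, "mode": mode})
    return findings


# Constructed sample: a "temporary" test setting left in every slot.
UNSAFE_CONFIG = """\
<configuration>
  <system.serviceModel>
    <behaviors>
      <endpointBehaviors>
        <behavior name="testOnly">
          <clientCredentials>
            <serviceCertificate>
              <authentication certificateValidationMode="None" />
            </serviceCertificate>
            <peer>
              <peerAuthentication certificateValidationMode="PeerTrust" />
              <messageSenderAuthentication certificateValidationMode="PeerOrChainTrust" />
            </peer>
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>
"""

# Constructed sample of the corrected setting: chain validation plus
# online revocation checking; peerAuthentication left at its default.
SAFE_CONFIG = """\
<configuration>
  <system.serviceModel>
    <behaviors>
      <endpointBehaviors>
        <behavior name="production">
          <clientCredentials>
            <serviceCertificate>
              <authentication certificateValidationMode="ChainTrust" revocationMode="Online" />
            </serviceCertificate>
            <peer>
              <peerAuthentication />
            </peer>
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>
"""

if __name__ == "__main__":
    for label, cfg in (("unsafe", UNSAFE_CONFIG), ("safe", SAFE_CONFIG)):
        hits = find_unsafe_validation(cfg)
        print(f"{label}: {len(hits)} finding(s)")
        for hit in hits:
            print(f"  behavior={hit['behavior']} {hit['element']} "
                  f"certificateValidationMode={hit['mode']}")
```

Run it against a real web.config or app.config by reading the file into find_unsafe_validation; the scanner looks at every behavior, so it also catches relaxed settings hidden in a behavior that is only referenced by a test endpoint.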
