AttackFlow Findings Dictionary

WCF Unsafe Metadata Publishing

Detailed metadata about an application's endpoints may allow attackers to deduce internal details of the application and use them to mount further attacks.

Severity

Medium

Fix Cost

Low

Trust Level

High

Publishing metadata allows clients to retrieve the service description using a WS-Transfer GET request or an HTTP(S) GET request, with or without the ?wsdl query string, for example:

http://www.vulnerable.com/customer.svc?wsdl

or just:

http://www.vulnerable.com/customer.svc

Here’s an insecure WCF service metadata directive:

            
    <system.serviceModel>
      <behaviors>
        <serviceBehaviors>
          <behavior>
            <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
            …
                 
            

The same effect can be achieved in code:

            
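    try
    {
        // Reuse the metadata behavior if the host already has one.
        var smb = svcHost.Description.Behaviors.Find<ServiceMetadataBehavior>();
        if (smb == null)
        {
            smb = new ServiceMetadataBehavior();
            // Add only when it was missing; adding a second behavior of the same type throws.
            svcHost.Description.Behaviors.Add(smb);
        }
        // Insecure: publishes the service metadata over HTTP GET.
        smb.HttpGetEnabled = true;
        ...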
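One way to audit configuration files for this finding, as an added example that is not part of AttackFlow or of the original page. The sample config, the behavior and service names, and the function name `find_metadata_publishing` are constructed for illustration; the check also flags `IMetadataExchange` endpoints, which serve the WS-Transfer GET retrieval mentioned above.

```python
import xml.etree.ElementTree as ET

# Constructed sample config (not from the page): one behavior publishes
# metadata over HTTP GET, one is hardened, one service exposes a MEX endpoint.
SAMPLE_CONFIG = """<configuration>
  <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior name="CustomerBehavior">
          <serviceMetadata httpGetEnabled="True" httpsGetEnabled="false" />
        </behavior>
        <behavior name="HardenedBehavior">
          <serviceMetadata httpGetEnabled="false" httpsGetEnabled="false" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <services>
      <service name="Demo.OrderService" behaviorConfiguration="HardenedBehavior">
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
      </service>
    </services>
  </system.serviceModel>
</configuration>"""

def find_metadata_publishing(config_xml):
    """Return (location, detail) findings for WCF metadata exposure."""
    root = ET.fromstring(config_xml)
    findings = []
    for behavior in root.iterfind(".//serviceBehaviors/behavior"):
        name = behavior.get("name") or "(default)"
        for meta in behavior.iterfind("serviceMetadata"):
            for attr in ("httpGetEnabled", "httpsGetEnabled"):
                # Compare case-insensitively; an absent attribute means not enabled.
                if (meta.get(attr) or "false").strip().lower() == "true":
                    findings.append(("behavior " + name, attr + "=true"))
    for service in root.iterfind(".//services/service"):
        for ep in service.iterfind("endpoint"):
            # WS-Transfer GET retrieval is served by an IMetadataExchange endpoint.
            if (ep.get("contract") or "").strip() == "IMetadataExchange":
                findings.append(("service " + service.get("name", "?"),
                                 "mex endpoint at '" + ep.get("address", "") + "'"))
    return findings

if __name__ == "__main__":
    for location, detail in find_metadata_publishing(SAMPLE_CONFIG):
        print(location + ": " + detail)
```

Metadata enabled in code, as in the C# snippet above, does not appear in the config file and needs a source-level check as well.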
                
            
