Session Fixation

Finding: The application does not re-initialize the session ID stored in the cookie after login. This allows an attacker to record the session ID assigned to a browser before login, wait for a valid user to log in from that browser, and then use the recorded, now-valid session ID of that user to access restricted pages in the application.
The attacker leaves the browser open and goes to his own computer (another system), where he waits for a valid user to use that browser to log in to the application and enter the authenticated module. A genuine user then logs in to the application with the same session ID that the attacker recorded earlier.

Recommendation: Add a new cookie whose value is randomly regenerated on each login attempt, and regenerate the session ID before and after authentication.

Put this code in the Page_Load of every authenticated page. It assumes the login handler issued the initial "cookieforsession" value and stored the same value in Session["sessionstorecookie"].

// Compare the value the browser actually sent BEFORE issuing a new one: a value written
// to both the cookie and the session and then compared can never mismatch.
HttpCookie presented = Request.Cookies["cookieforsession"];
string expected = Session["sessionstorecookie"] as string;
if (presented == null || expected == null || presented.Value != expected)
{
    Response.Redirect("../ErrorPage.aspx", false);
    Context.ApplicationInstance.CompleteRequest();
    return;
}
// Rotate: a fresh unpredictable value on every authenticated page load.
// System.Random is predictable and is not suitable for a security token.
byte[] bytes = new byte[16];
using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create()) { rng.GetBytes(bytes); }
string value = Convert.ToBase64String(bytes);
HttpCookie mycookie = new HttpCookie("cookieforsession", value) { HttpOnly = true, Secure = true };
Response.Cookies.Add(mycookie);
Session["sessionstorecookie"] = value;
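The following is an added, complete ASP.NET Web Forms example of the recommendation (regenerate the session ID at login, then bind the authenticated session to the browser with a per-login cookie); it is not code from the original post. The cookie name `cookieforsession`, the session key `sessionstorecookie` and `ErrorPage.aspx` come from the post; the `SessionBinding` and `AuthenticatedPage` classes, the `Login` page and its `txtUser`, `txtPassword` and `lblError` controls, and the `~/Members/Default.aspx` landing page are assumed names.

```csharp
using System;
using System.Security.Cryptography;
using System.Web;
using System.Web.Security;
using System.Web.UI;

// Helpers for the per-login binding cookie (hypothetical class; key names are from the post).
public static class SessionBinding
{
    public const string CookieName = "cookieforsession";
    public const string SessionKey = "sessionstorecookie";

    // 128 bits from the OS CSPRNG; System.Random is predictable and must not be used for tokens.
    public static string NewToken()
    {
        var bytes = new byte[16];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(bytes);
        }
        return Convert.ToBase64String(bytes);
    }

    // Send a fresh token to the browser and keep the server-side copy in session state.
    public static void Issue(HttpContext ctx)
    {
        string token = NewToken();
        ctx.Response.Cookies.Add(new HttpCookie(CookieName, token)
        {
            HttpOnly = true, // not readable from script
            Secure = true,   // only sent over HTTPS
            Path = "/"
        });
        ctx.Session[SessionKey] = token;
    }

    // True only when the browser presented exactly the token this session last issued.
    public static bool IsValid(HttpContext ctx)
    {
        HttpCookie presented = ctx.Request.Cookies[CookieName];
        string expected = ctx.Session[SessionKey] as string;
        return presented != null && expected != null
            && string.Equals(presented.Value, expected, StringComparison.Ordinal);
    }
}

// Login.aspx.cs (hypothetical page): regenerate the session ID on successful authentication.
public partial class Login : Page
{
    protected void btnLogin_Click(object sender, EventArgs e)
    {
        if (!Membership.ValidateUser(txtUser.Text, txtPassword.Text))
        {
            lblError.Text = "Invalid user name or password.";
            return;
        }
        // Abandon the pre-login session AND clear its cookie: without clearing the cookie,
        // ASP.NET reuses the presented ID for the next session, which is exactly the fixation bug.
        Session.Abandon();
        Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", "")
        {
            HttpOnly = true,
            Expires = DateTime.UtcNow.AddDays(-1)
        });
        // Values written to Session after Abandon() are discarded with the old session, so the
        // binding token is issued on the first authenticated request (see AuthenticatedPage).
        FormsAuthentication.SetAuthCookie(txtUser.Text, false);
        Response.Redirect("~/Members/Default.aspx", false);
        Context.ApplicationInstance.CompleteRequest();
    }
}

// Base class for every authenticated page (hypothetical): replaces the per-page snippet.
public class AuthenticatedPage : Page
{
    protected override void OnLoad(EventArgs e)
    {
        base.OnLoad(e);
        if (!User.Identity.IsAuthenticated)
        {
            FormsAuthentication.RedirectToLoginPage();
            return;
        }
        if (Session[SessionBinding.SessionKey] == null)
        {
            // First request of the freshly regenerated session: bind it to this browser.
            SessionBinding.Issue(Context);
            return;
        }
        if (!SessionBinding.IsValid(Context))
        {
            // Different or missing binding token: fail closed and end the session.
            Session.Abandon();
            FormsAuthentication.SignOut();
            Response.Redirect("~/ErrorPage.aspx", false);
            Context.ApplicationInstance.CompleteRequest();
            return;
        }
        // Rotate the binding value on every authenticated page load, as recommended above.
        SessionBinding.Issue(Context);
    }
}
```

Two practical caveats: rotating the binding cookie on every page load means any concurrent request still carrying the previous value (a second tab, an AJAX call in flight) fails the check and ends the session, so pages that issue parallel requests may need to rotate only at login; and because `Session.Abandon()` discards values written in the same request, the first authenticated request is where the token must be issued.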
