Weak Login Function: via LAN Only

Overview of the Vulnerability

Weak login functionality arises from improperly configured authentication practices that weaken an application's authentication process. In this case the application relies on the login page being reachable only over a LAN connection and does not otherwise protect users' credentials in transit. A malicious attacker on the same LAN can Person-in-the-Middle (PiTM) the communication between the user and the application to capture administrative credentials and log in to the system with admin privileges.

Business Impact

Weak login function can lead to indirect financial loss through an attacker obtaining login credentials and gaining access to the user's account. From there, the attacker could delete or modify data. This could also result in reputational damage for the business through the loss of customers' trust. The severity of the impact depends on the sensitivity of the data stored in and transmitted by the application, as well as the privileges of the account the attacker gains access to.

Steps to Reproduce

  1. On the LAN, poison the DNS and ARP tables of the target:

{{screenshot}}

  2. Man-in-the-Middle (MiTM) the communication and route traffic through your computer:

{{screenshot}}

  3. Forward the request to see that the requests are unencrypted in transit.

Proof of Concept (PoC)

The following screenshots show the full exploit:

{{screenshot}}

Recommendation(s)

Weak login function can be remediated by implementing a handful of best practices relating to authentication and session management. These include:

  • Enable HTTPS for the login page and all subsequent authenticated pages

  • Disable the option for browsers to force an HTTP connection

  • Implement the HTTP Strict Transport Security (HSTS) header

  • Keep all systems, software and operating systems up to date with a repeatable patch management process

  • Validate all user input server-side

  • Ensure that the authentication mechanisms and logic are robust and that each request for a resource passes through an authorization process

The application's verification logic, together with all of the above, should be thoroughly tested during the development and QA phases of the application build.
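One way to test the transport-related recommendations above (HTTPS on the login page, no fallback to plain HTTP, a strong HSTS header) during QA is a small audit over the responses the login URL returns. The script below is an added example and is not part of this template; it works on captured responses represented as plain objects, so the sample "weak" and "fixed" responses are constructed inline and it runs offline. The URL `app.example.internal`, the one-year `max-age` threshold and the `Response` class are assumptions for the example.

```python
"""Audit a login endpoint's responses for the transport-security recommendations above.

Added example, not part of the original template. Responses are modelled as plain
objects so the check can run on captured traffic (or, here, constructed samples).
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Assumed threshold: one year is the commonly recommended minimum for HSTS max-age.
MIN_HSTS_MAX_AGE = 31536000


@dataclass
class Response:
    """Minimal view of an HTTP response: the URL requested, status code and headers."""
    url: str
    status: int
    headers: Dict[str, str] = field(default_factory=dict)

    def header(self, name: str) -> Optional[str]:
        # Header names are case-insensitive; look up without caring about case.
        for key, value in self.headers.items():
            if key.lower() == name.lower():
                return value
        return None


def parse_hsts(value: str) -> Dict[str, Optional[str]]:
    """Split a Strict-Transport-Security value into lower-cased directives.

    'max-age=31536000; includeSubDomains' -> {'max-age': '31536000', 'includesubdomains': None}
    """
    directives: Dict[str, Optional[str]] = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        directives[name.strip().lower()] = val.strip().strip('"') if val else None
    return directives


def audit_login(http_resp: Response, https_resp: Response) -> List[str]:
    """Return a list of findings; an empty list means the recommendations are met."""
    findings: List[str] = []

    # 1. A plain-HTTP request for the login page must be redirected to HTTPS, never served.
    if 300 <= http_resp.status < 400:
        location = http_resp.header("Location") or ""
        if urlsplit(location).scheme != "https":
            findings.append("HTTP login request redirects to a non-HTTPS location")
    elif 200 <= http_resp.status < 300:
        findings.append("login page is served over plain HTTP (credentials readable on the LAN)")

    # 2. The HTTPS response must carry a strong HSTS header so browsers stop using HTTP.
    hsts = https_resp.header("Strict-Transport-Security")
    if hsts is None:
        findings.append("missing Strict-Transport-Security header")
    else:
        directives = parse_hsts(hsts)
        try:
            max_age = int(directives.get("max-age") or -1)
        except ValueError:
            max_age = -1
        if max_age < MIN_HSTS_MAX_AGE:
            findings.append(f"HSTS max-age {max_age} is below {MIN_HSTS_MAX_AGE}")
        if "includesubdomains" not in directives:
            findings.append("HSTS header lacks includeSubDomains")

    # 3. Any session cookie issued by the login must be marked Secure.
    cookie = https_resp.header("Set-Cookie")
    if cookie is not None and "secure" not in cookie.lower():
        findings.append("session cookie is set without the Secure flag")

    return findings


# Constructed sample responses: the weak state described in this report and a fixed one.
LOGIN_HTTP = "http://app.example.internal/login"
LOGIN_HTTPS = "https://app.example.internal/login"

WEAK_HTTP = Response(LOGIN_HTTP, 200, {"Content-Type": "text/html"})
WEAK_HTTPS = Response(LOGIN_HTTPS, 200, {"Content-Type": "text/html"})

FIXED_HTTP = Response(LOGIN_HTTP, 301, {"Location": LOGIN_HTTPS})
FIXED_HTTPS = Response(LOGIN_HTTPS, 200, {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Set-Cookie": "session=constructed; Secure; HttpOnly; SameSite=Strict",
})

if __name__ == "__main__":
    for label, pair in (("weak", (WEAK_HTTP, WEAK_HTTPS)), ("fixed", (FIXED_HTTP, FIXED_HTTPS))):
        print(label, audit_login(*pair) or "no findings")
```

The weak pair reproduces the condition in this report (the login page answers over plain HTTP and the HTTPS response carries no HSTS header); the fixed pair yields no findings. In practice, feed the function the real responses obtained with the application's HTTP client of choice.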

For further information, refer to the Open Web Application Security Project (OWASP) guides located at:
