-
Notifications
You must be signed in to change notification settings - Fork 2k
Expand file tree
/
Copy pathSocketAuthRace.qhelp
More file actions
43 lines (36 loc) · 1.36 KB
/
SocketAuthRace.qhelp
File metadata and controls
43 lines (36 loc) · 1.36 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
<!DOCTYPE qhelp PUBLIC
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<overview>
<p>
A common pattern is to have a channel of communication open with a user, and then to open
another channel, for example to transfer data. However, if user authentication is done over
the original channel rather than the alternate
channel, then an attacker may be able to connect to the alternate channel before the legitimate
user does. This allows the attacker to impersonate the user by "piggybacking" on
any previous authentication.
</p>
</overview>
<recommendation>
<p>
When opening an alternate channel for an authenticated user (for example, a Java <code>Socket</code>),
always authenticate the user over the new channel.
</p>
</recommendation>
<example>
<p>
This example shows two ways of opening a connection for a user. In the first example, authentication is
determined based on materials that the user has already provided (for example, their username and/or password), and then
a new channel is opened. However, no authentication is done over the new channel, and so an attacker
could connect to it before the user connects.
</p>
<p>
In the second example, authentication is done over the socket channel itself, which verifies that the newly connected
user is in fact the user that was expected.
</p>
<sample src="SocketAuthRace.java" />
</example>
<references>
</references>
</qhelp>