Authentication vulnerabilities take many forms: weak passwords and keys, poorly designed password-recovery features, flaws in the user authentication mechanism itself, and bypasses of multi-step authentication (Transaction Authentication Numbers, or TANs, i.e. one-time verification codes, password cards and the like). At root they all come from an authentication mechanism that is missing or incomplete, or from a lack of security awareness.
An attacker hijacks the traffic between user and server by any available means to obtain the username and password or the session Cookie, and uses them to bypass access control and go on to gain further privileges.
This does require familiarity with the encryption and encoding schemes in use, and an understanding of how to construct a replay attack once the sensitive data has been captured.
PS: The corresponding defences are to make the encryption and encoding harder to break, and, for any service that relies on sessions, to limit how long a session remains valid.
1. Always use strong encryption during transmission (TLS for the whole session, not just the login page).
2. Expire sessions quickly, both after a period of inactivity and after an absolute lifetime.
3. Never make the Session ID viewable: keep it in an HttpOnly cookie, never in a URL or page body.
4. Always select a strong session identifier, generated from a cryptographic random source with enough entropy that it cannot be guessed or brute-forced.
5. Always double check critical operations (a password change, a transfer) by requiring the user to re-enter a credential or TAN.
6. Always log out the user securely: invalidate the session on the server side rather than only clearing the cookie.
7. Always prevent client-side page caching on pages that display sensitive information.
8. Always require that users re-authenticate themselves after a specified period even if their session is still active.
9. It is possible to perform other kinds of sanity checking as well, such as rotating the session ID after login and comparing the client's properties against those recorded when the session was created.
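The following server-side session store is an added example that is not part of the original page; it shows how items 2 through 8 above fit together in working code. All timeout values, the `SessionStore` class and its method names, and the fake-clock hook (`now=`) are assumptions chosen for illustration; only the standard library is used.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional

# Assumed policy values (example choices, not from the original page).
IDLE_TIMEOUT = 15 * 60        # item 2: drop a session that has gone quiet
ABSOLUTE_TIMEOUT = 8 * 3600   # item 2: hard cap on lifetime regardless of activity
REAUTH_INTERVAL = 30 * 60     # items 5 and 8: re-prove identity for sensitive actions


@dataclass
class Session:
    user: str
    created: float
    last_seen: float
    last_auth: float


def _key(sid: str) -> str:
    # Store only a hash of the token: a leaked session table yields no usable IDs.
    return hashlib.sha256(sid.encode()).hexdigest()


class SessionStore:
    """In-memory session store; `now` is injectable so the policy can be tested."""

    def __init__(self, now=time.time):
        self._now = now
        self._sessions: Dict[str, Session] = {}

    def create(self, user: str) -> str:
        # item 4: 256 bits from the OS CSPRNG, never a counter or a hash of the username
        sid = secrets.token_urlsafe(32)
        t = self._now()
        self._sessions[_key(sid)] = Session(user, t, t, t)
        return sid

    def lookup(self, sid: str) -> Optional[Session]:
        s = self._sessions.get(_key(sid))
        if s is None:
            return None
        t = self._now()
        if t - s.created > ABSOLUTE_TIMEOUT or t - s.last_seen > IDLE_TIMEOUT:
            self.destroy(sid)  # item 2: expired sessions are removed, not just ignored
            return None
        s.last_seen = t
        return s

    def rotate(self, sid: str) -> Optional[str]:
        # item 9: issue a fresh ID after login or privilege change (defeats session fixation)
        s = self.lookup(sid)
        if s is None:
            return None
        del self._sessions[_key(sid)]
        new_sid = secrets.token_urlsafe(32)
        self._sessions[_key(new_sid)] = s
        return new_sid

    def needs_reauth(self, sid: str) -> bool:
        # items 5 and 8: an active session is not enough for a critical operation
        s = self.lookup(sid)
        return s is None or self._now() - s.last_auth > REAUTH_INTERVAL

    def mark_reauthenticated(self, sid: str) -> Optional[str]:
        # Caller has just verified the password or TAN; record it and rotate the ID.
        s = self.lookup(sid)
        if s is None:
            return None
        s.last_auth = self._now()
        return self.rotate(sid)

    def destroy(self, sid: str) -> None:
        # item 6: logout invalidates the session on the server, not only the cookie
        self._sessions.pop(_key(sid), None)


def session_cookie(sid: str) -> str:
    # items 1 and 3: sent only over TLS, unreadable by script, not sent cross-site
    return f"sid={sid}; Path=/; Secure; HttpOnly; SameSite=Strict"


def no_cache_headers() -> Dict[str, str]:
    # item 7: keep browsers and proxies from caching pages with sensitive data
    return {"Cache-Control": "no-store", "Pragma": "no-cache", "Expires": "0"}
```

A request handler would call `lookup()` on every request, `needs_reauth()` before any critical operation, `mark_reauthenticated()` once the user has re-entered a credential, and `destroy()` on logout; every response that shows sensitive data would add `no_cache_headers()`.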