Last post Sep 27, 2010 06:18 PM by CaptainQuery
Sep 26, 2010 06:31 PM|CaptainQuery|LINK
I've implemented a possible fix for ASP.NET 4.0 by creating a custom crypto algorithm which uses AES + SHA256 hash.
This way it is not easily possible to create new valid requests. The hash function will sort out the majority of the requests as being invalid. Even if the attacker has the machine key, the attacker also needs the secret hash key to encrypt custom data.
If someone is interested:
Sep 26, 2010 11:40 PM|rnienhuis|LINK
What's realy bothering me is that ASP.Net already signs forms-cookies using the servers validationKey. FormsAuthentication.Encrypt appends (part of) HMAC to the ticket and Decrypt validates the HMAC.
Still the demonstrated attack shows POET changing cookies.
Sep 27, 2010 02:06 AM|CaptainQuery|LINK
I also wondered about that.
It seems that this encryption won't be used in the forms auth, because it always takes a 3des or des algorithm. If it's oracling then the signing validation comes after the decryption and that would be an easy fix for microsoft.
I don't know if the auth cookie mechanism can be used to guess the machineKey, it certainly can be used as an exploit as demonstrated. I wonder where the application stores the validation keys, if those are accessible after breaking the machineKey with the
.axd then I understand why it is possible to forge authentication cookies.
I'll look into the forms auth cookies and what happens exactly later this day.
Sep 27, 2010 02:15 AM|rnienhuis|LINK
The machineKey section contains 2 keys: an encryptionKey and a validationKey. FormsAuthentication.Encrypt uses both (see Reflector). An HMAC based on this validationKey is appended to plaintext and after that encrypted using encryptionKey.
I do understand how POET is able to obtain the encryptionKey using webresource.axd as an attack vector. But i realy don't understand how it obtains the validationKey. To my understanding it is not possible to use padding oracles on a HMAC in order to obtain
the key used to generate the HMAC.
Does anyone understand this??
Sep 27, 2010 02:40 AM|CaptainQuery|LINK
The video showed adding the machineKey to the web.config, the .axd exploit which allows downloading the web.config would surely compromise the validationkey in that specific case.
My implementation would stop the initial attack.
Sep 27, 2010 06:18 PM|CaptainQuery|LINK
Resolved, tomorrow there is an OOB patch of MS.