bugs report

a guest, Jun 12th, 2019
Greetings from Delhi, India.
I am Akash Sharma, a cyber security researcher & bug hunter.
LinkedIn: @iamakashsharma

I have found a vulnerability on your website example.com

==================

Vulnerability Name: Improperly Configured HSTS
Vulnerable Site: example.com
Classifications: CAPEC-217, OWASP 2013-A6

Replication Steps:
1. Visited http://example.com/auth/login.html
2. Checked & confirmed HSTS is enforced & enabled.
3. Here, Strict Transport Security is not implemented & hence it is prone to attacks like SSL Stripping MiTM or Cookie Hijacking.
4. Also, the login panel is accessible & has HSTS absent.
5. Visited http://example.com/auth/login.html
6. Tried logging in with Username: example@gmail.com & Password: testpassword123
7. Captured the POST packets with Wireshark.
8. Able to access the login details in cleartext as no encryption is implemented & HSTS is missing.

Impact: An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption, and use the application as a platform for attacks against its users.

Possible Remediation: The website configuration should instruct web browsers to only access the application using HTTPS. Enable HTTP Strict Transport Security by adding a response header with the name 'Strict-Transport-Security' and the value 'max-age=expireTime'. Consider adding the 'includeSubDomains' flag if needed.
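The remediation above can be verified from the response headers. The following is an added example, not part of the report: it parses a Strict-Transport-Security value and flags a missing header, a malformed or zero max-age, a max-age below a chosen minimum (the 180-day floor is an assumption), and an absent includeSubDomains. The two header sets at the bottom are constructed samples.

```python
import re

# Assumed minimum: six months. Browser preload lists require at least a year.
MIN_MAX_AGE = 60 * 60 * 24 * 180

def parse_hsts(value):
    """Split a Strict-Transport-Security value into a dict of directives.

    Returns e.g. {"max-age": 31536000, "includesubdomains": True}, or None
    when max-age is missing or not an integer (user agents ignore such headers).
    """
    directives = {}
    for raw in value.split(";"):
        name, _, val = raw.strip().partition("=")
        name = name.strip().lower()
        val = val.strip().strip('"')
        if not name:
            continue
        if name == "max-age":
            if not re.fullmatch(r"\d+", val):
                return None
            directives[name] = int(val)
        else:
            directives[name] = True
    return directives if "max-age" in directives else None

def hsts_findings(headers, min_max_age=MIN_MAX_AGE):
    """Return findings for one HTTPS response's headers; [] means acceptable."""
    lower = {k.lower(): v for k, v in headers.items()}
    value = lower.get("strict-transport-security")
    if value is None:
        return ["Strict-Transport-Security header missing"]
    parsed = parse_hsts(value)
    if parsed is None:
        return ["Strict-Transport-Security header malformed: %r" % value]
    findings = []
    if parsed["max-age"] == 0:
        findings.append("max-age=0 disables HSTS")
    elif parsed["max-age"] < min_max_age:
        findings.append("max-age %d is shorter than %d seconds"
                        % (parsed["max-age"], min_max_age))
    if "includesubdomains" not in parsed:
        findings.append("includeSubDomains not set; subdomains may still be reached over plain HTTP")
    return findings

# Constructed samples (not captured from any real site): the login page as
# reported, and the same page after the remediation is applied.
LOGIN_BEFORE = {"Content-Type": "text/html", "Set-Cookie": "session=abc; Secure"}
LOGIN_AFTER = {"Content-Type": "text/html",
               "Strict-Transport-Security": "max-age=31536000; includeSubDomains"}
```

Browsers only honour this header on responses received over HTTPS, so the check must be run against the https:// response, not the http:// URL from the replication steps.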

POC: Video enclosed in attachments.

==================

Since it's a point of concern for the security & integrity of your organisation, I would like to extend further support as well, if needed.
I hope to get a positive response on this & expect a token of appreciation for my efforts.