a guest Jun 12th, 2019 42 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
- Greetings from Delhi, India.
- I am Akash Sharma, a cyber security researcher & bug hunter.
- LinkedIn: @iamakashsharma
- I have found some vulnerability on your website example.com
- Vulnerability Name: Improperly Configured HSTS
- Vulnerable Site: example.com
- Classifications: CAPEC-217, OWASP 2013-A6
- Replication Steps:
- 1. Visited http://example.com/auth/login.html
- 2. Checked & confirmed HSTS is enforced & enabled.
- 3. Here, Strict Transport Security is not implemented & hence making it prone to attacks like SSLStripping MiTM or Cookie Hijacking.
- 4. Also, login panel is accesible & have this HSTS absent.
- 5. Visited http://example.com/auth/login.html
- 6. Tried Logging in with Username: email@example.com & Password: testpassword123
- 7. Captured the POST packets with Wireshark.
- 8. Able to access the login details in cleartext as no encryption implemented & missing HSTS.
- Impact: An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption, and use the application as a platform for attacks against it's users.
- Possible Remediation: The website configuration should instruct web browsers to only access the application using HTTPS. Enable HTTP Strict Transport Security by adding a response header with the name 'Strict-Transport-Security' and the value 'max-age=expireTime'. Consider adding the 'includeSubDomains' flag if needed.
- POC: Video enclosed in attachments.
- Since it's a point of concern for the security & integrity of your organisation, so I would like to extend further support as well, if needed.
- I hope to get a positive response on this & expect a token of appreciation for my efforts.
RAW Paste Data