Sidejacking

WVE ID: WVE-2008-0003

Type: Exploit

Status: Candidate

Classification:
Cryptographic
Information Disclosure

Description:
Sidejacking is a mechanism to gain unauthorized access to web-based applications that transmit session cookies in plaintext following SSL-based authentication.

Discussion:
Sidejacking is the term coined by Errata Security for attacks against websites that use HTTPS (SSL) only to protect the login and then fall back to HTTP for the rest of the session, usually for performance reasons. After authentication the server issues a session cookie, and every subsequent request carries that cookie in plaintext over HTTP to prove that the client has already logged in.
An attacker who observes the cookie on the wire can assume the identity of the victim simply by copying the cookie into their own browser; the password is never needed. This has been demonstrated against popular webmail applications including GMail, Yahoo! Mail and Hotmail: an attacker observes a legitimate user accessing mail over HTTP, replays the session cookie, and can then receive, view and send email as the victim for as long as the session remains valid.
One mitigation is to deny the attacker the plaintext observation in the first place by using encrypted wireless networks, so that a passive eavesdropper cannot read the HTTP traffic. This protects only the wireless hop: anyone on the path beyond the access point, or anyone holding the wireless key on a shared-key network, can still capture the cookie. The application-side fix is to serve the whole session over HTTPS and to set the Secure attribute on the session cookie so that the browser never sends it over plain HTTP.
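The mechanism described above, as an added example that is not part of this WVE entry or of Errata Security's Hamster tool: the script parses constructed plaintext HTTP requests for the Cookie header (the observation step), rebuilds a request carrying the copied cookie (the impersonation step), and checks a Set-Cookie header for the Secure attribute, the server-side property whose absence is what makes the cookie observable. The host names, paths, cookie names and values are made up for illustration.

```python
"""Sidejacking in miniature.

Added example for this entry; it is not part of the WVE record or of the
Hamster tool the entry references. Everything here is constructed: the host
names, paths, cookie names and values are made up, and the "capture" is a
list of strings rather than live 802.11 frames.
"""
from http.cookies import SimpleCookie

# Constructed capture: plaintext HTTP requests as a passive eavesdropper on
# an open wireless network would see them once the HTTPS login is finished.
CAPTURED_REQUESTS = [
    "GET /mail/inbox HTTP/1.1\r\n"
    "Host: webmail.example.com\r\n"
    "Cookie: SID=abc123sessiontoken; lang=en\r\n"
    "User-Agent: Mozilla/5.0\r\n"
    "\r\n",
    "GET /static/logo.png HTTP/1.1\r\n"
    "Host: cdn.example.com\r\n"
    "\r\n",
]


def parse_request(raw):
    """Return (host, {cookie_name: value}) for one plaintext HTTP request."""
    head = raw.split("\r\n\r\n", 1)[0]
    host, cookies = None, {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "host":
            host = value
        elif name == "cookie":
            for part in value.split(";"):
                k, _, v = part.strip().partition("=")
                if k:
                    cookies[k] = v
    return host, cookies


def harvest_sessions(requests):
    """Collect every cookie seen in plaintext, keyed by host.

    This is the eavesdropping half of sidejacking: no decryption and no
    interaction with the victim, just reading what the browser sends.
    """
    sessions = {}
    for raw in requests:
        host, cookies = parse_request(raw)
        if host and cookies:
            sessions.setdefault(host, {}).update(cookies)
    return sessions


def replay_request(host, path, cookies):
    """Build the request the attacker sends to impersonate the victim.

    The cookie is copied verbatim; no credential is involved.
    """
    cookie_hdr = "; ".join(f"{k}={v}" for k, v in cookies.items())
    return f"GET {path} HTTP/1.1\r\nHost: {host}\r\nCookie: {cookie_hdr}\r\n\r\n"


def cookie_is_sidejackable(set_cookie_header):
    """Server-side check on a Set-Cookie header issued at HTTPS login.

    Without the Secure attribute the browser will send the cookie over plain
    HTTP later in the session, which is exactly what makes it observable.
    Returns True if the cookie is exposed, False if Secure is set.
    """
    jar = SimpleCookie()
    jar.load(set_cookie_header)
    if not jar:
        raise ValueError("no cookie found in header")
    morsel = next(iter(jar.values()))
    return not bool(morsel["secure"])


if __name__ == "__main__":
    for host, cookies in harvest_sessions(CAPTURED_REQUESTS).items():
        print(f"{host}: {cookies}")
        print(replay_request(host, "/mail/inbox", cookies))
    for hdr in ("SID=abc123sessiontoken; Path=/; HttpOnly",
                "SID=abc123sessiontoken; Path=/; Secure; HttpOnly"):
        state = "exposed" if cookie_is_sidejackable(hdr) else "protected"
        print(f"{hdr} -> {state}")
```

Only the request to webmail.example.com yields a session; the cdn.example.com request carries no cookie and is ignored. The two Set-Cookie checks show the defect and its fix side by side: the same cookie is exposed without Secure and protected with it, independent of whether the wireless link is encrypted.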

Credits

References
URL: http://blogs.zdnet.com/Ou/?p=651
URL: http://www.erratasec.com/sidejacking.zip
URL: http://erratasec.blogspot.com/2007/08/sidejacking-with-hamster_05.html

Released: 2007-08-02

Submitter
Joshua Wright (jwright@arubanetworks.com) : Aruba Networks

Submitted: Wed Apr 02 12:22:19 -0700 2008

Candidate Date: Wed Apr 02 12:23:17 -0700 2008
