Unauthenticated Authentication: Null Bytes and the Affect on Web-based
Added by the EDUCAUSE Librarian
| Title: | Unauthenticated Authentication: Null Bytes and the Affect on Web-based (ID: CSD4875) | |
| Author(s): | Alex Everett (Oklahoma State University) | |
| Topics: | Authentication, LDAP, Network Security and Applications, Network Vulnerability Assessment, Vulnerability Scanning | |
| Origin: | Contributed by Organizations or Campuses (2006) | |
| Type: | Articles, Papers, and Reports | |
| Abstract: | This paper describes a vulnerability that may affect web-based applications that insecurely implement LDAP simple binds for the authentication of users. Web-based applications that fail to properly sanitize a user-submitted username and password may be vulnerable. Successful exploitation may allow for a remote anonymous user to authenticate to the web-based application as any existing user. The exploits described in this paper are most closely related to the Poison NULL byte attacks described in 1999 by Rain Forest Puppy, although utilized for a new purpose [1]. | |
| View this resource: |
|
Bookmark/Search this page with:
