I am using ASP.NET Identity 2.0 for authentication (OWIN middleware) in my application.

Session hijacking: When I log in, Identity creates AspNet.ApplicationCookie. Then I copied the AspNet.ApplicationCookie value and logged out from the application. After logout, I create the cookie (AspNet.ApplicationCookie) manually and do a refresh. It redirects me to the home page.

Privilege escalation: At the same time I logged in as User A. I copied his cookie (AspNet.ApplicationCookie) and then logged out. After that I logged in as User B. I edited User B's cookie, pasted User A's cookie value and saved it. After I refreshed the browser I get User A's access and authentication.

I am clearing the whole session and deleting all the cookies when I log out. ASP.NET Identity (OWIN) even generates a new AspNet.ApplicationCookie each and every time. But it still accepts old cookies and gives me access. I don't know why. Can anyone tell me how to invalidate an old AspNet.ApplicationCookie after logout? This is my code in Startup.Auth.cs:
    public void ConfigureAuth(IAppBuilder app)
    {
        // Enable the application to use a cookie to store information for the signed in user
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login")
        });

        // Use a cookie to temporarily store information about a user logging in with a third party login provider
        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
    }
This is my logout code:

    public ActionResult LogOff()
    {
        // Delete all cookies while the user logs out
        string[] myCookies = Request.Cookies.AllKeys;
        foreach (var cookieName in myCookies)
        {
            Response.Cookies[cookieName].Expires = DateTime.Now.AddDays(-1);
        }

        Request.GetOwinContext().Authentication.SignOut(Microsoft.AspNet.Identity.DefaultAuthenticationTypes.ApplicationCookie);
        // AuthenticationManager.SignOut();

        Session.Clear();
        Session.RemoveAll();
        Session.Abandon();
        return RedirectToAction("LoginPage", "Account");
    }
This is my login controller code:

    public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
    {
        if (ModelState.IsValid)
        {
            var user = await UserManager.FindAsync(model.UserName, model.Password);
            if (user != null)
            {
                await SignInAsync(user, model.RememberMe);
                return RedirectToLocal(returnUrl);
            }
            else
            {
                ModelState.AddModelError("", "Invalid username or password.");
            }
        }

        // If we got this far, something failed, redisplay form
        return View(model);
    }
This is by design: it allows you to be signed in from multiple browsers and to log out only in the browser where you clicked "log out", not in all the other browsers.

But on log-out you can update the SecurityStamp on the user, and then set the security stamp validation period to a very short interval.

This will change the security stamp:

    await userManager.UpdateSecurityStampAsync(user.Id);

Put this in your logout method.

And in your Startup.Auth.cs modify UseCookieAuthentication in this way:
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),   // note the comma: Provider is the next initializer
        Provider = new CookieAuthenticationProvider
        {
            // Enables the application to validate the security stamp when the user logs in.
            // This is a security feature which is used when you change a password or add an external login to your account.
            OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                validateInterval: TimeSpan.FromMinutes(1), // set this low enough to optimise between speed and DB performance
                regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
        }
    });
The only drawback with this approach: when the logout procedure is not executed, nothing happens. And when logout does happen, it logs out all other sessions as well.
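Putting the two pieces of the answer together, here is an added example (not code from the question or the answer) of a logout action that rotates the security stamp before signing out. It assumes the controller exposes a UserManager property of type ApplicationUserManager, as the question's Login action does, and has `using Microsoft.AspNet.Identity;` for GetUserId().

```csharp
// Added example: logout that server-side invalidates every previously issued
// AspNet.ApplicationCookie for this user, not only the one in this browser.
// Assumes a UserManager property (ApplicationUserManager) on the controller and
// the SecurityStampValidator configuration from the answer in Startup.Auth.cs.
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<ActionResult> LogOff()
{
    var authManager = Request.GetOwinContext().Authentication;
    var userId = User.Identity.GetUserId();   // null if nobody is signed in

    // Step 1: rotate the stamp while we still know who is logged in. Every
    // cookie issued so far carries the OLD stamp, so SecurityStampValidator
    // rejects it on its next check (at most validateInterval later).
    if (userId != null)
    {
        IdentityResult result = await UserManager.UpdateSecurityStampAsync(userId);
        if (!result.Succeeded)
        {
            // Fail loudly: silently continuing would leave copied cookies valid.
            throw new InvalidOperationException(
                "Could not rotate security stamp: " + string.Join("; ", result.Errors));
        }
    }

    // Step 2: drop this browser's cookie. This is all the question's code did,
    // and on its own it never invalidates a copy of the cookie held elsewhere.
    authManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);

    Session.Abandon();
    return RedirectToAction("Login", "Account");   // the action behind LoginPath
}
```

A cookie captured before logout keeps working only until its next stamp validation, so the window is bounded by validateInterval; a shorter interval closes it sooner at the cost of one user lookup per validation.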