CWE

Common Weakness Enumeration

A Community-Developed Dictionary of Software Weakness Types

CWE/SANS Top 25 Most Dangerous Software Errors Common Weakness Scoring System
Common Weakness Risk Analysis Framework
Home > CWE List > CWE- Individual Dictionary Definition (2.7)  

Presentation Filter:

CWE-301: Reflection Attack in an Authentication Protocol

 
Reflection Attack in an Authentication Protocol
Weakness ID: 301 (Weakness Variant)Status: Draft
+ Description

Description Summary

Simple authentication protocols are subject to reflection attacks if a malicious user can use the target machine to impersonate a trusted user.

Extended Description

A mutual authentication protocol requires each party to respond to a random challenge by the other party by encrypting it with a pre-shared key. Often, however, such protocols employ the same pre-shared key for communication with a number of different entities. A malicious user or an attacker can easily compromise this protocol without possessing the correct key by employing a reflection attack on the protocol.

+ Time of Introduction
  • Architecture and Design
+ Applicable Platforms

Languages

All

+ Common Consequences
ScopeEffect

Technical Impact: Gain privileges / assume identity

The primary result of reflection attacks is successful authentication with a target machine -- as an impersonated user.

+ Likelihood of Exploit

Medium

+ Demonstrative Examples

Example 1

(Bad Code)
Example Languages: C and C++ 
unsigned char *simple_digest(char *alg,char *buf,unsigned int len, int *olen) {
const EVP_MD *m;
EVP_MD_CTX ctx;
unsigned char *ret;
OpenSSL_add_all_digests();
if (!(m = EVP_get_digestbyname(alg))) return NULL;
if (!(ret = (unsigned char*)malloc(EVP_MAX_MD_SIZE))) return NULL;
EVP_DigestInit(&ctx, m);
EVP_DigestUpdate(&ctx,buf,len);
EVP_DigestFinal(&ctx,ret,olen);
return ret;
}
unsigned char *generate_password_and_cmd(char *password_and_cmd) {
simple_digest("sha1",password,strlen(password_and_cmd)
...
);
}
(Bad Code)
Example Language: Java 
String command = new String("some cmd to execute & the password") MessageDigest encer = MessageDigest.getInstance("SHA");
encer.update(command.getBytes("UTF-8"));
byte[] digest = encer.digest();
+ Observed Examples
ReferenceDescription
product authentication succeeds if user-provided MD5 hash matches the hash in its database; this can be subjected to replay attacks.
+ Potential Mitigations

Phase: Architecture and Design

Use different keys for the initiator and responder or of a different type of challenge for the initiator and responder.

Phase: Architecture and Design

Let the initiator prove its identity before proceeding.

+ Other Notes

Reflection attacks capitalize on mutual authentication schemes in order to trick the target into revealing the secret shared between it and another valid user. In a basic mutual-authentication scheme, a secret is known to both the valid user and the server; this allows them to authenticate. In order that they may verify this shared secret without sending it plainly over the wire, they utilize a Diffie-Hellman-style scheme in which they each pick a value, then request the hash of that value as keyed by the shared secret. In a reflection attack, the attacker claims to be a valid user and requests the hash of a random value from the server. When the server returns this value and requests its own value to be hashed, the attacker opens another connection to the server. This time, the hash requested by the attacker is the value which the server requested in the first connection. When the server returns this hashed value, it is used in the first connection, authenticating the attacker successfully as the impersonated valid user.

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness ClassWeakness Class287Improper Authentication
Development Concepts (primary)699
Research Concepts (primary)1000
ChildOfCategoryCategory718OWASP Top Ten 2007 Category A7 - Broken Authentication and Session Management
Weaknesses in OWASP Top Ten (2007) (primary)629
ChildOfCategoryCategory902SFP Cluster: Channel
Software Fault Pattern (SFP) Clusters (primary)888
PeerOfWeakness BaseWeakness Base327Use of a Broken or Risky Cryptographic Algorithm
Research Concepts1000
MemberOfViewView884CWE Cross-section
CWE Cross-section (primary)884
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
CLASPReflection attack in an auth protocol
OWASP Top Ten 2007A7Broken Authentication and Session Management
+ References
[REF-7] Mark Dowd, John McDonald and Justin Schuh. "The Art of Software Security Assessment". Chapter 2, "Insufficient Validation", Page 38.. 1st Edition. Addison Wesley. 2006.
+ Maintenance Notes

The term "reflection" is used in multiple ways within CWE and the community, so its usage should be reviewed.

+ Content History
Submissions
Submission DateSubmitterOrganizationSource
Externally Mined
Modifications
Modification DateModifierOrganizationSource
2008-07-01CigitalExternal
updated Time_of_Introduction
2008-09-08MITREInternal
updated Common_Consequences, Description, Maintenance_Notes, Relationships, Other_Notes, Taxonomy_Mappings
2011-06-01MITREInternal
updated Common_Consequences
2012-05-11MITREInternal
updated Observed_Examples, References, Relationships
Page Last Updated: June 23, 2014