Peaches Posted September 23, 2010 Report Share Posted September 23, 2010 Quote Crypto weakness leaves online banking apps open to attackPadding Oracle 'affects every ASP.NET web application'By John Leyden Flaws in the way web applications handle encrypted session cookies might leave online banking accounts open to attack. The security risk stems from a cryptographic weakness in web applications developed using Microsoft's ASP.Net framework. ASP.Net uses the US government-approved AES encryption algorithm to secure the cookies generated by applications during online banking sessions and the like. However implementation flaws in how ASP.NET handles errors when the encrypted data in a cookie has been modified give clues to a potential attacker that would allow him to narrow down the possible range of the keys used in an online banking session. Attacks based on this weakness might allow a hacker to decrypt sniffed cookies or forge authentications tickets, among other attacks. Story - http://www.theregist...ps_crypto_flaw/ Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.