Broken Authentication

SAML Auth Bypass


Tamper Username/Email

  • A weak SAML implementation would not validate the signature and thus allow an attacker to access the account of another user.

Comment Injection

  • An XML canonicalization transform is employed while signing the XML document to produce the identical signature for logically or semantically similar documents. (Different positions will still have the same meaning)

  • Canonicalization engine ignores comments and whitespaces while creating a signature.

  • The XML parser might parse the below example in 3 parts.

    • text: notsosecure

    • comment: <!-- this is a comment -->

    • text:

  • The XML parser returns the last node, which might allow you to log in as

.Net Machine Key Auth Bypass

  • Machine Key is used for encryption and decryption of forms authentication , cookie data, and view-state data, and for out-of-process session state identification.

  • This is configured in the web.config file.

  • The following are encrypted with a Machine Key

    • Authentication tokens

      • Forms(ASPXAUTH)

      • OWIN - OAUTH Token

      • ASP.NET Cookie (.AspNet.ApplicationCookie)

    • Webresource.axd & Scriptresource.axd


    • CSRF Token

    • Password Reset Token

    • Role Cookie

    • Membership Passwords etc.

Testing for Leaked Machine Keys


  • Enumerate valid usernames

  • Encrypt a new cookie with the privileged username.

  • Replace 'ASPXAUTH' cookie during login, leading to auth bypass.

Weak Encryption

Electronic Codebook [ECB]

  • ECB is an encryption mode in which the message is split into blocks of X bytes length and each block is encrypted separately using a key.

  • Using ECB has multiple security implications:

    • Blocks from encrypted message can be removed without disturbing the decryption process.

    • Blocks from encrypted message can be moved around without disturbing the decryption process.


  • If application relies only on the ECB encryption of cookies for integrity.

    • Encryption provides confidentiality.

    • Signature provides integrity.

  • ECB mode allows an attacker to tamper the encrypted data without decrypting it.


  • Assumptions:

    • Web app does not validate the 'password' part in the cookie.

    • Cookie value is not randomized for User X for each successful login.

  • URL Decode - > Base64 Decode the cookie. Check if the HEX values are repeated.

  • If yes, identify the block size by creating a user/password with large string of same characters. For eg: 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'. For example, if the hex values are repeated after 8 bytes, the block-size=8 bytes

  • Assuming Block-size is 8 bytes. We will create a user 'aaaaaaaaadmin'. Decode the cookie. Delete the first 8 bytes from the cookie. Encode the new cookie using Base64. Replay this cookie with requests to impersonate user 'admin'.

Last updated