Resources
Location:
Unauthenticated Authentication: Null Bytes and the Affect on Web-based

Unauthenticated Authentication: Null Bytes and the Affect on Web-based

Title:Unauthenticated Authentication: Null Bytes and the Affect on Web-based (ID: CSD4875)
Author(s):Alex Everett (University of North Carolina at Chapel Hill)
Topics:Authentication, LDAP, Network Security and Applications, Network Vulnerability Assessment, Vulnerability Scanning
Origin:Community Contributions (2006)
Type:Articles, Papers, and Reports
Abstract:This paper describes a vulnerability that may affect web-based applications that insecurely implement LDAP simple binds for the authentication of users. Web-based applications that fail to properly sanitize a user-submitted username and password may be vulnerable. Successful exploitation may allow for a remote anonymous user to authenticate to the web-based application as any existing user. The exploits described in this paper are most closely related to the Poison NULL byte attacks described in 1999 by Rain Forest Puppy, although utilized for a new purpose [1].
View this resource:
 |  |  |  | 
Bookmark/Search this page with:
   del.icio.us   Digg   Google   Yahoo   Technorati Stumbleupon Facebook Twitter

 
© Copyright 1999-2009 EDUCAUSE
  Unless otherwise noted, EDUCAUSE holds the copyright on all materials published by the association, whether in print or electronic form. In certain cases the work remains the intellectual property of the individual author(s) (see Special Circumstances). Content from conference speeches, presentations, blogs, wikis and feeds reflect the opinions of the author, and not necessarily those of EDUCAUSE or its members.