A posting on milw0rm.com by gammarays very interesting in my opinion. In the video proof of conceptnya seen he can generate the authentication cookie to go into any yahoo as your username. How did he do it?
I have read his paper and discussed with him via email. Because of its highly critical of some important things he did not disclose, in this case I agree because I also have a yahoo account, of course I do not want others to read my email: D
Yahoo Authentication
Yahoo implement single sign-on authentication in doing so someone enough to log in just once, when the login is successful, then he will get the kind of free pass card to be able to enjoy all the services in the yahoo network. Freepass card mentioned is in the form of cookies. Only the user who holds the right cookie is allowed into. Without the right cookie, you will be kicked to the login page.
Yahoo cookie that functions to authentication are Y and T. Only two of this cookie you need to access all of yahoo services, including email and messenger. Yahoo authentication scheme which is normal as shown below:
Red arrows indicate access without a cookie, while the blue is access to the cookies. In the example above I used the example mail service. Login server in yahoo is the only login.yahoo.com be accessed with https. When a user access without cookies then she will be redirected to the login server, if the login is successful he will be given a cookie and redirected back to the service which will be accessed initially.
Gammarays paper shows that a user can generate his own cookienya, so he no longer need to log in to login.yahoo.com. That means he does not need to know the password for someone to read their email, flownya look like in the following figure:
Gammarays paper shows that a user can generate his own cookienya, so he no longer need to log in to login.yahoo.com. That means he does not need to know the password for someone to read their email, flownya look like in the following figure:
In the flow over the user does not need access to login.yahoo.com because he can make your own cookie valid for entry into mail.yahoo.com. This means he can access any account without knowing password. Let's surgical cookie contents of Y and T.
Y Cookies
Y cookie is static, every user can successfully log into yahoo, he will get the value of Y the same cookie. Cookies Y consists of several fields:
* V: version, always filled with a value of 1.
* N: random value generated when users create an account or change passwords.
* L: username that are encoded with a simple substitution technique. Mapping of "abcdefghijklmnopqrstuvwxyz0123456789._ @ - +" to "0123456789abcdefghijklmnopqrstuvwxyz._-+". An example would be rizkiwicaksono username h8pa8m820aiede.
* R: registers week. Time relative to register your account on June 30, 1996 - 6:00 pm in the week.
Of all the variables that are confidential n and r. Without knowing the value of n and r are true, then could not make its own cookie Y. To get the values of n and r can access the database with yahoo (you need to hack yahoo server) as the Gammarays, or you can steal someone else a cookie and then retrieve the value of n and r from the cookie. Yahoo only use https on login time, then when someone does not access the service via https, so it was easy to in-Sniff cookienya.
T Cookies
T Cookies are not static in nature because it contains the timestamp field and ip address. Besides these cookies also contain signature functions maintain the integrity of other fields. With this signature if there is another field that is changed then the signature is not valid anymore menjad.
Existing field at T A cookie is:
* A: age of YAE value or QAE. Indicates whether this user can access the content for readers aged 18 years and over.
* D: data consisting of some subfield: a, sl, g, ok, zz, tip.
* Sk: signature version 3.
* Ks: signature version 4.
Sub-field of the field d is:
* A: age, YAE or QAE.
* G: globally unique identifier. When you login to yahoo and saw your profile, will diredirectt to address: profiles.yahoo.com / u /.
* Ok: verified email, usually contain-ZW0.
* Sl: sled ID retrieved from the database user (fixed in nature, changing the password will not change sl).
* Zz: timestamp, used to check whether the cookies have expired.
* Tip: tcookie ip address, ip address user.
Of all the fields in the cookie is a secret T sl. Global identifier can be found using the Yahoo Query Language console. Example: select * from yahoo.identity where yid = 'spullara' result is: 7C7SIF3MMHEOH3MJ5HYPYQQVQI. 
While zzz field is taken from the time and tips taken from ip address. After all of the fields known to the field a value, sl, g, ok, zz, tip into the field diconcat d. Then the field l, n and d used as input to produce the signature stored in the field sk. Then ks field generated by the input of the l, n, d and sk. Script to generate sk and ks is on the Gammarays paper. However, for security reasons the script is not complete and therefore could not run.
Of all the fields needed to be a secret key is n, r and sl. The rest is a field that is not confidential. Field confidential n, r and sl was also easy to steal because the content of this field is sent in the form of cookies that were not so vulnerable enkrip sniffing. Once the cookies had been stolen, then the value of n, r and sl victims will be taken with ease. If that happens then the attacker can then generate a cookie to Y and T itself to access the victim's account.
Authentication tokens in yahoo is not in the form of random sessionid but in the form of a collection of fields that are encoded and given a signature. Herein lies the fault, ie yahoo implement security through obscurity in tokennya session. Because once and signature encoding algorithm is known and the field n, r and sl is obtained, the attacker can easily create their own cookienya session. This is different to the use of random session id in a cookie.
Stolen random session id is valid only for session lifetime. Stolen n, r and sl last forever (until victims change their password).
Random session id does not rely on algorithms or data confidentiality, but uses a random number that is very difficult to predict. A good session id must be one time only (unique) and extremely hard to guess. In this way the session id to get the attacker to perform brute-force guessing session id. Even if he managed to steal sessionid the sessionid is only valid until the session is valid, then it would be useless sessionid. Unlike the sessionid leakage, leakage fields n, r and sl in yahoo cookies lasted so long, until the user change the password. Although the user has logged off of yahoo, the attacker who has a field n, r and sl could go back in to generate cookies and T. Y
Y Cookies
Y cookie is static, every user can successfully log into yahoo, he will get the value of Y the same cookie. Cookies Y consists of several fields:
* V: version, always filled with a value of 1.
* N: random value generated when users create an account or change passwords.
* L: username that are encoded with a simple substitution technique. Mapping of "abcdefghijklmnopqrstuvwxyz0123456789._ @ - +" to "0123456789abcdefghijklmnopqrstuvwxyz._-+". An example would be rizkiwicaksono username h8pa8m820aiede.
* R: registers week. Time relative to register your account on June 30, 1996 - 6:00 pm in the week.
Of all the variables that are confidential n and r. Without knowing the value of n and r are true, then could not make its own cookie Y. To get the values of n and r can access the database with yahoo (you need to hack yahoo server) as the Gammarays, or you can steal someone else a cookie and then retrieve the value of n and r from the cookie. Yahoo only use https on login time, then when someone does not access the service via https, so it was easy to in-Sniff cookienya.
T Cookies
T Cookies are not static in nature because it contains the timestamp field and ip address. Besides these cookies also contain signature functions maintain the integrity of other fields. With this signature if there is another field that is changed then the signature is not valid anymore menjad.
Existing field at T A cookie is:
* A: age of YAE value or QAE. Indicates whether this user can access the content for readers aged 18 years and over.
* D: data consisting of some subfield: a, sl, g, ok, zz, tip.
* Sk: signature version 3.
* Ks: signature version 4.
Sub-field of the field d is:
* A: age, YAE or QAE.
* G: globally unique identifier. When you login to yahoo and saw your profile, will diredirectt to address: profiles.yahoo.com / u /
* Ok: verified email, usually contain-ZW0.
* Sl: sled ID retrieved from the database user (fixed in nature, changing the password will not change sl).
* Tip: tcookie ip address, ip address user.
Of all the fields in the cookie is a secret T sl. Global identifier can be found using the Yahoo Query Language console. Example: select * from yahoo.identity where yid = 'spullara' result is: 7C7SIF3MMHEOH3MJ5HYPYQQVQI.
While zzz field is taken from the time and tips taken from ip address. After all of the fields known to the field a value, sl, g, ok, zz, tip into the field diconcat d. Then the field l, n and d used as input to produce the signature stored in the field sk. Then ks field generated by the input of the l, n, d and sk. Script to generate sk and ks is on the Gammarays paper. However, for security reasons the script is not complete and therefore could not run.Of all the fields needed to be a secret key is n, r and sl. The rest is a field that is not confidential. Field confidential n, r and sl was also easy to steal because the content of this field is sent in the form of cookies that were not so vulnerable enkrip sniffing. Once the cookies had been stolen, then the value of n, r and sl victims will be taken with ease. If that happens then the attacker can then generate a cookie to Y and T itself to access the victim's account.
Authentication tokens in yahoo is not in the form of random sessionid but in the form of a collection of fields that are encoded and given a signature. Herein lies the fault, ie yahoo implement security through obscurity in tokennya session. Because once and signature encoding algorithm is known and the field n, r and sl is obtained, the attacker can easily create their own cookienya session. This is different to the use of random session id in a cookie.
Stolen random session id is valid only for session lifetime. Stolen n, r and sl last forever (until victims change their password).
Random session id does not rely on algorithms or data confidentiality, but uses a random number that is very difficult to predict. A good session id must be one time only (unique) and extremely hard to guess. In this way the session id to get the attacker to perform brute-force guessing session id. Even if he managed to steal sessionid the sessionid is only valid until the session is valid, then it would be useless sessionid. Unlike the sessionid leakage, leakage fields n, r and sl in yahoo cookies lasted so long, until the user change the password. Although the user has logged off of yahoo, the attacker who has a field n, r and sl could go back in to generate cookies and T. Y
Tidak ada komentar:
Posting Komentar