Practical attacks on Login CSRF in OAuth. Issue 121 (October 2022)
- Record Type:
- Journal Article
- Title:
- Practical attacks on Login CSRF in OAuth. Issue 121 (October 2022)
- Main Title:
- Practical attacks on Login CSRF in OAuth
- Authors:
- Arshad, Elham
Benolli, Michele
Crispo, Bruno - Abstract:
- Abstract: OAuth 2.0 is an important and well studied protocol. However, despite the presence of guidelines and best practices, the current implementations are still vulnerable and error-prone. This research mainly focused on the Cross-Site Request Forgery (CSRF) attack. This attack is one of the dangerous vulnerabilities in OAuth protocol, which has been mitigated through state parameter. However, despite the presence of this parameter in the OAuth deployment, many websites are still vulnerable to the OAuth-CSRF (OCSRF) attack. We studied one of the most recurrent type of OCSRF attack through a variety range of novel attack strategies based on different possible implementation weaknesses and the state of the victim's browser at the time of the attack. In order to validate them, we designed a repeatable methodology and conducted a large-scale analysis on 395 high-ranked sites to assess the prevalence of OCSRF vulnerabilities. Our automated crawler discovered about 36% of targeted sites are still vulnerable and detected about 20% more well-hidden vulnerable sites utilizing the novel attack strategies. Based on our experiment, there was a significant rise in the number of OCSRF protection compared to the past scale analyses and yet over 25% of sites are exploitable to at least one proposed attack strategy. Despite a standard countermeasure exists to mitigate the OCSRF, our study shows that lack of awareness about implementation mistakes is an important reason for a significantAbstract: OAuth 2.0 is an important and well studied protocol. However, despite the presence of guidelines and best practices, the current implementations are still vulnerable and error-prone. This research mainly focused on the Cross-Site Request Forgery (CSRF) attack. This attack is one of the dangerous vulnerabilities in OAuth protocol, which has been mitigated through state parameter. However, despite the presence of this parameter in the OAuth deployment, many websites are still vulnerable to the OAuth-CSRF (OCSRF) attack. We studied one of the most recurrent type of OCSRF attack through a variety range of novel attack strategies based on different possible implementation weaknesses and the state of the victim's browser at the time of the attack. In order to validate them, we designed a repeatable methodology and conducted a large-scale analysis on 395 high-ranked sites to assess the prevalence of OCSRF vulnerabilities. Our automated crawler discovered about 36% of targeted sites are still vulnerable and detected about 20% more well-hidden vulnerable sites utilizing the novel attack strategies. Based on our experiment, there was a significant rise in the number of OCSRF protection compared to the past scale analyses and yet over 25% of sites are exploitable to at least one proposed attack strategy. Despite a standard countermeasure exists to mitigate the OCSRF, our study shows that lack of awareness about implementation mistakes is an important reason for a significant number of vulnerable sites. … (more)
- Is Part Of:
- Computers & security. Issue 121(2022)
- Journal:
- Computers & security
- Issue:
- Issue 121(2022)
- Issue Display:
- Volume 121, Issue 121 (2022)
- Year:
- 2022
- Volume:
- 121
- Issue:
- 121
- Issue Sort Value:
- 2022-0121-0121-0000
- Page Start:
- Page End:
- Publication Date:
- 2022-10
- Subjects:
- OAuth -- OpenID Connect -- Request Forgery -- CSRF -- Login CSRF -- state parameter -- Custom HTTP Headers
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805 - Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048 ↗
http://www.elsevier.com/journals ↗ - DOI:
- 10.1016/j.cose.2022.102859 ↗
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 23049.xml