SFL Prof. Dr. C. Rossow / S. Hausotte TU Dortmund WS 2021/2022 Exercise 3 (Web & Auth)
3.1 Authentication Methods
(a) In the lectures you learned that authentication can be done based on three factors. Name all three of them and provide an example for each one.
(b) Following a cyber attack, a database containing user credentials was exposed. The database contained the following user names and password hashes. Try to find out as much as possible about each user's password. What strategies were most helpful?
Name      Password Hash
alice     ef92b778bafe771e89245b89ecbc08a44a4e166c06659911881f383d4473e94f
bob       cbe6beb26479b568e5f15b50217c6c83c0ee051dc4e522b9840d8e291d6aaf46
charlie   ab73111063742562160baa2d3c74f7e8ccbd369430922d2afa699fd21fdbcd79
dave      4938ae51a2c6df81f5ed9c034ac024c4565a898d50acf268228bc537e53a3ba0
eve       a5c5ad14eb56a776e9c3a83314691bf045d03cbc931f43a6ec447e1dae85ac05
frank     ab73111063742562160baa2d3c74f7e8ccbd369430922d2afa699fd21fdbcd79
(c) Explain why even if only strong passwords were used, simple hashing without salt would still be a bad idea.
(d) In which cases of attack would so-called pepper help to keep passwords secure?
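The 64-hex-character hashes in the table above have the length of SHA-256 digests (an assumption; the sheet does not name the function), and charlie and frank share a hash. The following added example (not part of the exercise sheet) shows, with constructed sample passwords, why unsalted hashing exposes that fact, and how a per-user salt plus a server-side pepper, applied via PBKDF2-HMAC, removes it:

```python
import hashlib
import hmac
import os

# Constructed sample credentials for the demo; these are NOT the exercise's passwords.
USERS = {"charlie": "hunter2", "frank": "hunter2", "alice": "correct horse"}


def unsalted_sha256(password: str) -> str:
    """Plain SHA-256, as the 64-hex digests in the table suggest: equal passwords
    give equal digests, so a leaked table reveals which users share a password."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_with_salt(password: str, salt: bytes, pepper: bytes, iterations: int = 200_000) -> bytes:
    """PBKDF2-HMAC-SHA256 with a random per-user salt. The pepper (assumed to be a
    secret kept outside the database, e.g. in the application config) is mixed in
    via HMAC first, so the database alone does not allow offline guess verification."""
    peppered = hmac.new(pepper, password.encode(), hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", peppered, salt, iterations)


def store(password: str, pepper: bytes) -> tuple[bytes, bytes]:
    """Return (salt, digest) as they would be written to the user table."""
    salt = os.urandom(16)
    return salt, hash_with_salt(password, salt, pepper)


def verify(password: str, salt: bytes, digest: bytes, pepper: bytes) -> bool:
    """Constant-time comparison of the recomputed digest with the stored one."""
    return hmac.compare_digest(hash_with_salt(password, salt, pepper), digest)


def demo() -> dict:
    pepper = b"server-side-secret-not-in-db"  # constructed value
    plain = {u: unsalted_sha256(p) for u, p in USERS.items()}
    salted = {u: store(p, pepper) for u, p in USERS.items()}
    return {
        "unsalted_collide": plain["charlie"] == plain["frank"],   # True: same password visible
        "salted_collide": salted["charlie"][1] == salted["frank"][1],  # False: salts differ
        "verify_ok": verify("hunter2", *salted["charlie"], pepper),
        "verify_wrong_pw": verify("hunter3", *salted["charlie"], pepper),
        "verify_wrong_pepper": verify("hunter2", *salted["charlie"], b"other"),
    }


if __name__ == "__main__":
    print(demo())
```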
(e) In the lecture you learned a formula to approximate the entropy of a password based on its alphabet and length. Use this formula to answer the following questions:
I Assuming a constant alphabet, which increase in length is needed in order to increase the entropy by a factor of k?
II Assuming a constant length, which increase of the alphabet is needed in order to increase the entropy by a factor of k?
3.2 Authentication Protocols
Given the protocol communication diagrams of both the admin and the client, describe the weakness and how to exploit it.
How can the client gain admin rights by listening on the communication channel?
Figure 1: Client communication
Figure 2: Admin communication
You find the following Java code running on a web server. The input parameter id is set using a URL parameter like: www.veryvulnerablewebsite.com/accountInfo?id=1
    // conn is assumed to be an already opened java.sql.Connection
    public static String getAccountInfo(String id) throws SQLException {
        // id is taken from the URL unchanged and concatenated into the SQL string
        String query =
            "SELECT firstName, lastName FROM users WHERE id = '" + id + "'";
        Statement st = conn.createStatement();
        ResultSet rs = st.executeQuery(query);
        // remainder of the method is not shown on the exercise sheet
    }
(a) This code contains a security flaw. Where is it and how is it called?
(b) Give an example of an input which allows the user to read more data than intended.
(c) Which practices help to avoid SQL injections?
3.4 Cross-Site Request Forgery
Assume the following pseudo-code is used by a service to handle orders, located at
http://supershop.example/order
    def handler(request):
        session = request.cookies.get("session")
        if not session:
            return error(401)  # body not shown on the sheet; assumed to reject the request
        user = get_session_attribute(session, "user")
        if not user:
            return error(401)  # likewise assumed
        article = request.body["article"]
        quantity = request.body["quantity"]
        address = request.body["address"]
        user.process_order(article, quantity, address)
(a) Why is this code vulnerable?
(b) How could an attacker exploit the vulnerability?
(c) How would you mitigate this vulnerability?
(d) Extra: Can you think of any reasons it would be useful to protect login forms against CSRF as well?
Have a look at the source of the website 'sfl.de/index.php':
    <?php
    $name = $_GET['name'];
    echo "Welcome $name";
    ?>
(a) Explain what the code tries to achieve and where 'name' comes from. Also give an example URL to make a benign call to the website.
(b) Now find a way to exploit the site's vulnerability to cross-site scripting. Is your example reflective or persistent? What else would be necessary to cause the other form of XSS?
(c) How are we able to avoid vulnerabilities like this one?