Authentication bypass in routers

Posted Mar 6, 2008 10:07 UTC (Thu) by scarabaeus (guest, #7142)
Parent article: Authentication bypass in routers

In terms of web security, authentication bypass is usually quite easy to avoid, it is a matter of ensuring valid credentials anywhere they are required. Before performing any action that requires a logged-in user, check the cookie (or other persistent authentication mechanism) for validity to perform the action requested.

Unfortunately, it isn't so easy: Using CSRF, the attacker can exploit the fact that a user may already be logged into his router. If the programmer of the web app is unaware of this type of attack, he is bound to get it wrong, because usually some extra implementation details are necessary to defeat it.