What is "Form Caching Vulnerability"?
The Form Caching Vulnerability allows sensitive form fields to be cached and retrieved by another user on the same client.
CWE-525: Information Exposure Through Browser Caching
This is the first of my series on securing ASP.NET web sites. As I work through various vulnerabilities, I’ll document instructions for fellow web developers in hopes that we can help build more secure web applications. The Cookie Vulnerability falls under the common vulnerability name of "Broken Authentication and Session Management."
What is "Broken Authentication and Session Management"?
This cookie vulnerability is OWASP 2010 A3. You can read more at Top 10 2010-A3-Broken Authentication and Session Management. This threat applies to application functions related to authentication and session management not implemented correctly, allowing attackers to compromise passwords, keys, session tokens, or exploit other implementation flaws to assume other users’ identities.
Encrypting your sensitive data in your ASP.net web.config files is a simple process that can be done two different ways. The first way is to use a command prompt to execute a command and encrypt/decrypt the XML sections. The second way is to encrypt/decrypt programmatically from within your web site.
Things you need to know before starting:
- Which system account does your ASP.NET web site run as?
This is usually “NT AuthorityNetwork Service” or “ASPNET” unless specifically configured otherwise.
- The directory where aspnet_regiis.exe is located. The default installation path is $WINDIR% Microsoft.NET Framework <versionNumber> aspnet_regiis.exe. The last folder is the version of the Framework you are using (v2, v3, v4, etc.)