
Credential Sniffing Attack - Local Machine

Applies to
Any application running on the local machine.

Description
An attacker may be able to discover sensitive data left on the local machine if an application writes that data to disk without proper care. In this attack it may be possible to recover sensitive information from the file system. An attacker may look through temporary files, registry keys, swap files, config files, etc. to discover sensitive data such as username/password pairs, database connection strings, or other data that should be protected.

Impact

  • Information Disclosure

Vulnerabilities

  • Failure to use proper encryption techniques.

  • Using default or insecure permission sets.

  • Writing sensitive data to locations discoverable by attackers.

Countermeasures

  • Do not write any sensitive information out to the file system or registry in plaintext.

  • Encrypt any sensitive data that must be stored.

  • Explicitly set permissions on temporary files.

  • Keep sensitive information in memory for as little time as possible.

  • Overwrite sensitive data files on disk using a secure delete function.

Example

Sensitive Data in Temporary Files

An application writes an encryption key to disk as a temporary file while the key is not in use, to free up space in memory. When the encryption key is no longer needed, the developer calls the File.Delete operation, which deletes the file from disk.

In this case it is trivial for an attacker to open an application that allows her to read the contents of the file from disk, even after the delete function has been called.

To ensure the contents of this file are unrecoverable, the file must be securely deleted by overwriting its bits on disk. The file should always be protected with encryption or with explicitly set permissions to make sure that it is not discoverable before it is deleted.
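
The two file-handling countermeasures from this example (explicit permissions on the temporary file, overwrite before delete) are shown below in Python. This is an added example, not code from the original guidance; the function names, the "key-" prefix and the sample key are assumptions, and the permission call is POSIX-specific.

```python
import os
import stat
import tempfile

CHUNK = 64 * 1024  # overwrite in bounded chunks so large files do not fill memory


def write_secret_tempfile(secret: bytes, directory=None) -> str:
    """Create a temp file only its owner can read or write, then store the secret."""
    # mkstemp opens with O_EXCL, so a pre-planted file or symlink is never reused.
    fd, path = tempfile.mkstemp(prefix="key-", dir=directory)  # "key-" is a made-up prefix
    with os.fdopen(fd, "wb") as f:
        os.fchmod(f.fileno(), stat.S_IRUSR | stat.S_IWUSR)  # explicit 0600 (POSIX only)
        f.write(secret)
        f.flush()
        os.fsync(f.fileno())
    return path


def overwrite_in_place(path: str) -> int:
    """Overwrite every byte of the file (random pass, then zeros); return its size."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for fill in (os.urandom, bytes):  # bytes(n) yields n zero bytes
            f.seek(0)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                f.write(fill(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # push this pass to the device before the next one
    return size


def secure_delete(path: str) -> None:
    """Overwrite, then unlink; a plain delete only removes the directory entry."""
    # Caveat: on SSDs and on journaling or copy-on-write filesystems the old blocks
    # may survive an in-place overwrite, so encrypt the data before it reaches disk.
    overwrite_in_place(path)
    os.remove(path)


if __name__ == "__main__":
    key_path = write_secret_tempfile(b"CONSTRUCTED-SAMPLE-KEY")  # constructed value
    secure_delete(key_path)
    print("exists after secure_delete:", os.path.exists(key_path))
```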

Additional Resources

http://www.microsoft.com/technet/sysinternals/Security/SDelete.mspx

http://wipe.sourceforge.net/

http://www.owasp.org/index.php/Insecure_Temporary_File

Related Items

  • Information Disclosure (links to other related content within TeamMentor)