ASP.NET and the "oracle padding" attack

Published: 2010-09-28, Nethemba, https://nethemba.com/de/asp-net-a-oracle-padding-utok/
Author: Pavol Lupták

Over the past few days, reports of a vulnerability in the ASP.NET technology, presented by Juliano Rizzo at the ekoparty 2010 security conference, have been appearing more and more frequently. But how does this flaw work, and what are its potential threats?

ASP.NET uses the AES block cipher in CBC mode to exchange sensitive data between the client and the server, which is meant to prevent that data from being forged and to guarantee its integrity. This vulnerability, however, exploits certain implementation flaws and makes it possible to break the encryption completely, giving an attacker the ability to modify the data at will.

It concerns the following:
- ViewState
- forms authentication tickets
- anonymous identification
- role cookies

In other words, the vulnerability affects every version of ASP.NET.

The vulnerability builds on a basic cryptographic attack, the chosen-ciphertext attack (CCA): the attacker sends ciphertext to the web server without using the correct key, and from the error returned learns whether a certain part of it decrypted correctly. In this way enough information can be gathered to determine the key with which the application encrypts its data. Technical details are available at http://netifera.com/research/poet//PaddingOraclesEverywhereEkoparty2010.pdf; the attack was already presented at the Eurocrypt security conference in 2002 as the "padding oracle attack".

The design of ASP.NET, however, allows the flaw to be exploited critically even in applications that at first glance contain no sensitive data. According to the unwritten rules of security, no sensitive information should be placed in the web server's root directory (DocumentRoot). ASP.NET violates this principle, for example with the "web.config" file.

ASP.NET 3.5 Service Pack 1 and ASP.NET 4.0 add support for loading an arbitrary file of the application. This functionality is protected by the "machine" key, which can likewise be obtained through the attack, and the above-mentioned "web.config", which often contains access passwords, can then be displayed.

At present there is no protection against the attack. Microsoft did state a few days ago that it is enough to configure "CustomErrors" so that the server returns the same error page for all errors. This protection is, however, completely insufficient, since differences in response times can be measured and the attack applied with a slight modification using a "time delay" technique. The release date of the exploit is as yet undetermined.

UPDATE: Microsoft today released a fix for this kind of attack, http://www.microsoft.com/technet/security/bulletin/MS10-070.mspx, and according to Juliano Rizzo's statement it really does resolve the flaw.

References:
- http://en.wikipedia.org/wiki/Chosen-ciphertext_attack
- http://blogs.technet.com/b/srd/archive/2010/09/17/understanding-the-asp-net-vulnerability.aspx
- http://ekoparty.org