Hacking Cloud communication is possible through Insecure IDs - True/False

Hi,

    I was intercepting the requests and responses of a cloud-based application through an intercepting proxy, Paros.
    One of the requests seemed suspicious:

    GET http://servicemap.conduit-services.com/Toolbar/?ownerId=CT2204416 HTTP/1.1
    Accept: */*
    Accept-Language: en-us
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; KM Tool Bar; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 1.1.4322; .NET4.0C; .NET4.0E; .NET CLR 3.5.21022; MS-RTC LM 8) Paros/3.2.12
    Host: servicemap.conduit-services.com
    Proxy-Connection: Keep-Alive
    Cookie: _sm_au_d=1
    Content-length: 0

    Note the ownerId parameter, which is CT2204416. According to my understanding, this request is sent over the service bus by the WCF NetTcpBinding protocol.

    My point is: imagine that there is an application which gives administrative privileges to person A, who has the ID CT2204416. I, as a normal user with an ID of CTXXXXX, log in to the application and, through the intercepting proxy, change this ID to CT2204416 and gain administrative privileges.

    I have 2 queries here:
    1. Is my understanding correct?
    2. Do you feel this is a critical security issue?

    Nabarun Sengupta

    C3 community member
    Mindtree Limited

    Friday, May 20, 2011 3:58 AM
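The scenario in the post, as an added example that is not part of the original thread or of the Conduit service: a handler that derives the caller's privileges from the client-supplied ownerId, beside a hardened version that takes identity from the server-side session and only honours an ownerId the session is entitled to. The session table, roles and session cookie names are constructed for illustration.

```python
from dataclasses import dataclass, field
from urllib.parse import urlparse, parse_qs

# Constructed sample data: session cookie -> authenticated owner, owner -> role.
SESSIONS = {"sess-A": "CT2204416", "sess-B": "CT0000001"}  # constructed session ids
ROLES = {"CT2204416": "admin", "CT0000001": "user"}


@dataclass
class Request:
    url: str
    cookies: dict = field(default_factory=dict)


def owner_id_from_query(url):
    """Extract the ownerId query parameter (None if absent)."""
    return parse_qs(urlparse(url).query).get("ownerId", [None])[0]


def toolbar_insecure(req):
    """Vulnerable pattern: the role is looked up from whatever ownerId the
    client put in the URL, so an intercepting proxy can pick any owner."""
    owner = owner_id_from_query(req.url)
    return {"status": 200, "owner": owner, "role": ROLES.get(owner, "anonymous")}


def toolbar_secure(req):
    """Hardened pattern: identity comes from the server-side session; the
    ownerId in the URL is accepted only if it matches the session owner or
    the session owner is an admin. A mismatch is the signal worth logging."""
    session_owner = SESSIONS.get(req.cookies.get("session"))
    if session_owner is None:
        return {"status": 401, "detail": "not authenticated"}
    requested = owner_id_from_query(req.url)
    if requested != session_owner and ROLES.get(session_owner) != "admin":
        # Log this: session %s asked for ownerId %s it does not own (IDOR attempt).
        return {"status": 403, "detail": "ownerId %s not owned by session" % requested}
    return {"status": 200, "owner": requested, "role": ROLES.get(requested, "anonymous")}
```

Run the two handlers against the same tampered request (normal user's session, admin's ownerId) to see the first grant admin and the second return 403.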