
The security concept is separated into two parts: the vulnerabilities of the Flarecast infrastructure and the protection of confidential resources.

Infrastructure vulnerabilities

The first part concerns attacks against the infrastructure from external or internal sources. This includes any kind of attack vector, covering data manipulation as well as service disruption.
The following table summarizes such attack vectors, their risk and impact level, and possible countermeasures.

| Attack Vector | Description | Risk Level (1 - 5) | Impact Level (1 - 5) | Countermeasure |
|---|---|---|---|---|
| Attacks concerning general web applications | | | | |
| Cross-site request forgery (XSRF, CSRF) | Victim has an open VPN session and runs a malicious script downloaded from an attacker's server. | 1 | 4 | Nonce tokens |
| Cross-site script inclusion (XSSI) | Victim has an open VPN session and forwards JSON responses due to a malicious script downloaded from an attacker's server. Possible but harmless, as all available resources are non-confidential. | 0 | 0 | - |
| Cross-site scripting (XSS) | Victim/Docker container uploads a malicious script which is executed while data is visualized by a web service. | 1 | 2 | HTML escaping |
| Header injection (response splitting) | Victim/Attacker sends a request with a manipulated header field provided as query parameter which is then used within the response header. There is no route which allows setting the response's header information. | 0 | 0 | - |
| Mixed content | Due to the mix of resources partly available by HTTP and partly by HTTPS, e.g. a man-in-the-middle attack is possible. Harmless, due to the secured connection to the internal infrastructure. | 0 | 0 | - |
| Open redirection | Victim/Attacker sends a request with a manipulated URL provided as query parameter, e.g. forcing a redirection. This may be a problem with OAuth2 and the 'Token' response type. Not trivial, as OAuth2 validates the redirection URL. | 1 | 2 | HTML escaping |
| Referer leakage | Victim calls an external link from a sensitive URL which is then published within the 'Referer' header field of the request to the external site. There is no link to an external site (anyway harmless). | 0 | 0 | - |
| Session hijacking | Attacker uses a man-in-the-middle attack while the victim has an open connection to the internal infrastructure. Requires the attacker to break the given encryption of the SSH connection, which is very unlikely. | 1 | 5 | Keep informed about issues concerning secure connections (e.g. OpenSSL vulnerability CVE-2016-6304) |
| Session fixation | Attacker provides a URL with a pre-defined session ID to the victim. As soon as the victim logs into the system the attacker can use the same session ID for his own requests. Very unlikely, as the internal infrastructure is only accessible by a secure connection. | 1 | 3 | Inform end-users about the risk. |
| Specific to the design of web applications | | | | |
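The two countermeasures the table names for the non-zero rows, nonce tokens against CSRF and HTML escaping against XSS, are shown below in a small added example. This is illustration code written for this page, not Flarecast's own code: the in-memory session store, the route name `handle_delete_event` and the form field names are assumptions standing in for whatever the real services use.

```python
import hmac
import html
import secrets
from typing import Optional

# Constructed in-memory session store; stands in for whatever per-session
# state the Flarecast services keep (an assumption, not the project's code).
_SESSIONS: dict = {}


def create_session() -> str:
    """Open a session and bind a fresh, unguessable CSRF nonce to it."""
    session_id = secrets.token_urlsafe(32)
    _SESSIONS[session_id] = {"csrf_nonce": secrets.token_urlsafe(32)}
    return session_id


def csrf_nonce(session_id: str) -> str:
    """Return the nonce the server embeds into forms rendered for this session."""
    return _SESSIONS[session_id]["csrf_nonce"]


def csrf_nonce_valid(session_id: str, submitted: Optional[str]) -> bool:
    """True only if the submitted nonce equals the one bound to the session.

    A script served from another origin cannot read the victim's page, so it
    cannot learn the nonce; the constant-time compare avoids timing leaks.
    """
    session = _SESSIONS.get(session_id)
    if session is None or not submitted:
        return False
    return hmac.compare_digest(session["csrf_nonce"], submitted)


def render_cell(value: str) -> str:
    """Escape an untrusted value (e.g. an uploaded label) before it is put into HTML."""
    return "<td>" + html.escape(value, quote=True) + "</td>"


def handle_delete_event(session_id: str, form: dict) -> tuple:
    """Hypothetical state-changing route: refuses requests without a valid nonce."""
    if not csrf_nonce_valid(session_id, form.get("csrf_nonce")):
        return 403, "CSRF nonce missing or invalid"
    event_id = html.escape(str(form.get("event_id", "")), quote=True)
    return 200, "event " + event_id + " deleted"


if __name__ == "__main__":
    sid = create_session()
    # Legitimate form submission carries the nonce that was rendered into the page.
    print(handle_delete_event(sid, {"csrf_nonce": csrf_nonce(sid), "event_id": "42"}))
    # Cross-site request: the attacker's page cannot supply the nonce, so it is rejected.
    print(handle_delete_event(sid, {"event_id": "42"}))
    # Constructed label containing script markup, neutralised by escaping.
    print(render_cell('<script>alert("x")</script>'))
```

The nonce is bound to the session rather than generated per request, which is enough to make a forged cross-site request fail the check; `html.escape` is applied at the point where untrusted data enters HTML, which is where the table places the XSS countermeasure.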

To cover

The above attack vectors are barely addressed at the moment due to the following reasons:

  • The main infrastructure is behind a firewall and only accessible by a secure and authorized connection
  • All publicly available services only provide restricted access to resources and use a read-only database
  • Due to the public availability of the data and its domain, a dedicated attack is very unlikely

Authentication mechanisms
