Authentication mechanism absence or evasion - Security Image
Description
It is possible to eliminate the use of the image and security phrase at user login.
Impact
Removing the security image and phrase step from login, which can facilitate other types of attacks.
Recommendation
Make sure that only the number of an existing image is accepted, so that the image and passphrase check cannot be eliminated.
Threat
User authenticated from the Internet.
Expected Remediation Time
⌚ 240 minutes.
Score
Default score using CVSS 3.1. It may change depending on the context of the vulnerability.
Base
- Attack vector: N
- Attack complexity: L
- Privileges required: L
- User interaction: N
- Scope: U
- Confidentiality: N
- Integrity: L
- Availability: N
Temporal
- Exploit code maturity: X
- Remediation level: X
- Report confidence: X
Result
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:X
- Score:
  - Base: 4.3
  - Temporal: 4.3
- Severity:
  - Base: Medium
  - Temporal: Medium
Code Examples
Compliant code
The application correctly validates the security credentials and, when they are wrong, sends the user back to the login page.
// Express-style route handler
app.post('/userRegister', function (req, res, next) {
  const img = req.user.secImg;
  const phrase = req.user.secPhrase;
  const isCredentialsValid = checkCredentials(img, phrase);
  if (isCredentialsValid) {
    res.redirect('/profile/SecurityCredentials');
  } else {
    // Wrong security credentials: redirect to login so the user retries the validation
    res.redirect('/userLogin');
  }
});
Non compliant code
A failed verification still redirects the user into the application, which bypasses the check on the security credentials and gives access to sensitive information.
// Express-style route handler
app.post('/userRegister', function (req, res, next) {
  const img = req.user.secImg;
  const phrase = req.user.secPhrase;
  const isCredentialsValid = checkCredentials(img, phrase);
  if (isCredentialsValid) {
    res.redirect('/profile/SecurityCredentials');
  } else {
    // Even when the credentials sent are wrong, the user is let through, so the control is bypassed
    res.redirect('/profile/signIn');
  }
});