Collaborate Disseminate
During my pentest of a client’s websites I stumbled upon the WP with vulnerable WP Statistics plugin installed.
To exploit this vulnerability, I should send a JSON-API request to endpoint /json-api/wp-statistics/v2/…. The problem is I mu… Continue reading How to obtain "wp_rest" nonce for WP Statistics plugin manually?
I understand that a nonce is used to prevent replay attacks. I have been going through documentations, specs, posts and blog posts and I am a little confused.
Consider the following attack scenario.
Mary wants to login to https://photos.c… Continue reading OpenId Connect and proper usage of nonce
Looking at this question Openid connect nonce replay attack and the answer by @benbotto. I understand the replay attack in implicit flow but unable to understand it for auth code flow. Let’s say an attacker intercepts the authentication re… Continue reading Openid nonce replay attack in auth code flow
SHA-256 generates a 32-byte hash, Is it a safe practice to use the first 16 as an iv (nonce) and the second 16 as a key ?
What other things I should consider when using PBKDF2 in a scenario like this ?
Continue reading Can I use part of PBKDF2 output as an IV (nonce)?
I need validation / feedback please with the implementation of a web based client-server application that I am building.
I need to make sure that a client’s cookies can’t be hijacked and therefore I have introduced a nonce.
So with each re… Continue reading Using predictable incrementing nonces
I want to implement a service that can’t read the data you store there.
The Idea is that I, like in a password manager, use the password to derive a vault key, which is different from the authentication key, that is used to encrypt/decrypt… Continue reading Multiple devices encrypting data using the same key?
I am trying to figure out how to build a secure, playback-proof, web authentication scheme and at the same time be able to use a KEK at the server.
After a lot of reading it seems that a reasonable way to validate the password between the … Continue reading Web authentication, replay, nonce and KEK
I stumbled upon a web app which is accepting user input and putting it into a variable within script tag.
The script tag does have a nonce attribute.
As am working on bypassing the XSS filter, I had this thought that this practice of refl… Continue reading Is nonce useless when user input is reflected within an inline script?
I have a web site and a service in a server.
I’m developing the "Register User" and "Login" components.
I’ve searched on the internet and I’ve found two protocols to login user using ‘nonce’ and ‘salt’, here and here.
I… Continue reading How to guarantee only my client application can request a nonce?
In OAuth2, as part of the authorization request, we generate a random string and pass it with the state parameter, so that when we get the response, we can ascertain that the response is a result of our request.
In some examples, I’ve see… Continue reading Does OAuth2 state parameter need to be cryptographically secure?