Copyright © 2001, 2002 eyeonsecurity Inc., All Rights Reserved. No portions of eyeonsecurity may be used without express, written permission
Microsoft Passport Account Hijack Attack

An analysis of one attack on Microsoft (now .NET) Passport: cross-site scripting. This document describes an obvious flaw in the security of this system and how an attacker can proceed to exploit such a flaw to gain access to other users' accounts.
This paper covers the following points:
- An introduction to Web Applications and the underlying authentication schemes and concepts
- Description of the idea behind Microsoft Passport
- How Microsoft Passport actually works and how to use that knowledge to gain unauthorised access
- How to go about exploiting cross-site scripting
- Bypassing countermeasures for cross-site scripting
- An actual exploit scenario