Security Code Review – String Search Patterns For Authentication Vulnerabilities

This post contains string search patterns that can help identify authentication vulnerabilities during security code inspection of your ASP.NET application. The most common vulnerability is insecure manipulation of credentials in the code. The question we actually want to ask is:

  • Are you passing clear text credentials?

The associated threat is identity theft or identity spoofing, which can be achieved by disclosing the credentials and/or tampering with them.

What to Search for and Why

Credentials are usually required when accessing a downstream resource: a database, web service, Active Directory, MQSeries, or any other. This information can easily be obtained from the architecture document. The following searches can lead you to the hotspots for nailing down potential authentication vulnerabilities:

DB Connections

findstr /S /I ".Open(" *.cs

Web Services

findstr /S /I /C:".Credentials =" *.cs

LogonUser API – usually used for impersonation

findstr /S /I "LogonUser" *.cs

IIdentity usage

This one is my favorite. This search pattern tries to spot the anti-pattern in how the end user is identified. The assumption here is that when there are no matches for this search, the solution either does not identify the requests or uses a home-grown solution, which might be a potential vulnerability in both cases.

findstr /S /I ".Identity" *.cs

Besides the searches above, it is a good idea to review the web.config file for potential clear text credentials.
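
One way to automate the web.config review, as an added example that is not part of the original post: a Python sketch that parses the file and reports where credentials appear in clear text without echoing the values. The sample config, the function name find_cleartext_credentials and the appSettings key-name heuristic are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample web.config for illustration (all values are made up).
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <connectionStrings>
    <add name="Orders" connectionString="Server=db01;Database=Orders;User Id=app;Password=Example123;" />
    <add name="Audit" connectionString="Server=db01;Database=Audit;Integrated Security=SSPI;" />
  </connectionStrings>
  <appSettings>
    <add key="PageSize" value="25" />
    <add key="SmtpPassword" value="Example456" />
  </appSettings>
  <system.web>
    <identity impersonate="true" userName="svc_web" password="Example789" />
  </system.web>
</configuration>
"""

# ADO.NET connection strings accept both "Password" and "Pwd".
CONN_PASSWORD = re.compile(r"(?:^|;)\s*(?:password|pwd)\s*=\s*[^;\s]", re.I)
# Heuristic for appSettings key names (an assumption, tune per code base).
SECRET_KEY = re.compile(r"password|pwd|secret", re.I)

def find_cleartext_credentials(xml_text):
    """Return (location, reason) pairs; secret values are never echoed."""
    root = ET.fromstring(xml_text)
    findings = []
    for add in root.findall("./connectionStrings/add"):
        if CONN_PASSWORD.search(add.get("connectionString", "")):
            findings.append((f"connectionStrings/{add.get('name')}",
                             "password embedded in connection string"))
    for add in root.findall("./appSettings/add"):
        if SECRET_KEY.search(add.get("key", "")) and add.get("value"):
            findings.append((f"appSettings/{add.get('key')}",
                             "secret-looking key with inline value"))
    for ident in root.iter("identity"):
        if ident.get("password"):
            findings.append(("system.web/identity",
                             "impersonation account password in attribute"))
    return findings

if __name__ == "__main__":
    for location, reason in find_cleartext_credentials(SAMPLE_WEB_CONFIG):
        print(f"{location}: {reason}")
```

The Audit entry is not reported because it uses Integrated Security and carries no password in the connection string.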

Got more suggestions for search patterns to identify potential authentication vulnerabilities? Please share!