Bypassing HTTP Strict Transport Security

2014.10.17
Credit: Jose Selvi
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

it's a pretty neat and simple idea: Kill HSTS through NTP by sending victims PC into the future. https://www.blackhat.com/docs/eu-14/materials/eu-14-Selvi-Bypassing-HTTP-Strict-Transport-Security-wp.pdf Same should work for HPKP. The idea of setting some security feature through a header needs a revisit. The solution would be to have a more reliable PC time. How do we do that? See https://www.blackhat.com/docs/eu-14/materials/eu-14-Selvi-Bypassing-HTTP-Strict-Transport-Security-wp.pdf

References:

https://www.blackhat.com/docs/eu-14/materials/eu-14-Selvi-Bypassing-HTTP-Strict-Transport-Security-wp.pdf


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top