Bypassing HTTP Strict Transport Security

Published
Credit
Risk
2014.10.17
Jose Selvi
Medium
CWE
CVE
Local
Remote
N/A
N/A
No
Yes

it's a pretty neat and simple idea:
Kill HSTS through NTP by sending victims PC into the future.
https://www.blackhat.com/docs/eu-14/materials/eu-14-Selvi-Bypassing-HTTP-Strict-Transport-Security-wp.pdf

Same should work for HPKP. The idea of setting some security feature
through a header needs a revisit. The solution would be to have a more reliable PC time. How do we do
that?

See
https://www.blackhat.com/docs/eu-14/materials/eu-14-Selvi-Bypassing-HTTP-Strict-Transport-Security-wp.pdf

References:

https://www.blackhat.com/docs/eu-14/materials/eu-14-Selvi-Bypassing-HTTP-Strict-Transport-Security-wp.pdf


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com