Federico Redavid
Exploiting Race Conditions to break the OTP Authentication Mechanism in Web Applications.
Supervisors: Danilo Bazzanella, Maurizio Agazzini. Politecnico di Torino, Master's degree programme in Ingegneria Informatica (Computer Engineering), 2024
License: Creative Commons Attribution Non-commercial No Derivatives.
Abstract
In the modern age, web applications have become a critical part of everyone’s life; every second they grant access to the digital world to hundreds of millions of people. This relevance required the implementation of authentication mechanisms that could help us identify the user, both for efficiency and security. One of the most employed strategies in this field nowadays is the use of 2-Factor Authentication (2FA) and, in particular, the adoption of One-Time Passwords (OTPs). Authentication mechanisms, however, have to be thoroughly developed because they are one of the most interesting, and thus most attacked, points on the surface of an application.
In this thesis, developed with the help of the security experts at HN Security, we will test the safety of OTP-based authentication mechanisms by exploiting the often-neglected class of web application vulnerabilities known as Race Conditions.
