mardi 10 mars 2015

Low cookies randomness in asp .net mvc 4 app

I develop application using c# and asp .net mvc4. In IIS there is set windows authentication which use only kerberos provider.


I used burp suite to make tests against poor cookies randomness at login page. Selected text in the picture was chosen to test how much variable changes during 20k requests.


enter image description here


Results show that estimated entropy is 0 – so variable doesn’t change at all.


enter image description here


What are options to increase randomness of selected part of header? What are general method to increase randomness of session variables stored in cookies?





Aucun commentaire:

Enregistrer un commentaire