ClickOnce Security

From OWASP
Revision as of 05:22, 26 August 2011 by Deepnov

Microsoft's ClickOnce technology, which is quite similar to Java WebStart, has a number of vulnerabilities, and any ClickOnce client-server application built on .NET can be completely compromised if appropriate security controls are not used.

1. The ILDASM tool available within the .NET Framework can be used to disassemble the application client, exposing any database-related logic or information to hackers.

2. The disassembled code can even leak encryption keys initialized inside the client code.

3. The code can be reassembled back to DLLs and EXEs using the ILASM tool from the command line.

4. Authenticode signing can also be bypassed by intercepting the response data and removing the signature (see the link below).

5. By cracking the client application, every possible security control implemented on the client can be broken, for example authorization, input validation and cryptographic storage.
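
Points 1 and 2 can be turned into a pre-release check on your own build. The following is an added example (not part of the original page) that scans ILDASM text output for `ldstr` literals that look like connection-string credentials or key material. The sample IL, the regular expressions and the entropy thresholds are constructed assumptions, and only the quoted single-line `ldstr "..."` form is parsed.

```python
import math
import re
from collections import Counter

# String literals in ILDASM text output look like:  IL_0006:  ldstr  "text"
LDSTR = re.compile(r'ldstr\s+"((?:[^"\\]|\\.)*)"')
# Connection-string fields that carry a credential
CONN = re.compile(r'(?i)\b(password|pwd)\s*=\s*[^;]+')
# Candidate key material: long hex or base64 runs
HEX = re.compile(r'^[0-9A-Fa-f]{32,}$')
B64 = re.compile(r'^[A-Za-z0-9+/]{16,}={0,2}$')


def entropy(s):
    """Shannon entropy in bits per character."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def audit_il(il_text):
    """Return (line_no, kind, literal) for each suspicious ldstr literal."""
    findings = []
    for no, line in enumerate(il_text.splitlines(), 1):
        m = LDSTR.search(line)
        if not m:
            continue
        lit = m.group(1)
        if CONN.search(lit):
            findings.append((no, "connection-string-credential", lit))
        # Entropy floors (assumed thresholds) keep ordinary identifiers out
        elif (HEX.match(lit) and entropy(lit) >= 3.0) or \
             (B64.match(lit) and entropy(lit) >= 4.0):
            findings.append((no, "key-like-literal", lit))
    return findings


# Constructed sample resembling ILDASM output; all values are made up.
SAMPLE_IL = r'''
  IL_0001:  ldstr      "Server=db01;Database=Orders;User Id=app;Password=Example123"
  IL_0006:  stloc.0
  IL_0007:  ldstr      "q1W8zR4tY7uP0aS3dF6gH9jK2lX5cV8b"
  IL_000c:  call       uint8[] [mscorlib]System.Convert::FromBase64String(string)
  IL_0011:  ldstr      "Loading orders..."
  IL_0016:  ldstr      "OrderDetailsViewModel"
'''

if __name__ == "__main__":
    for no, kind, lit in audit_il(SAMPLE_IL):
        print(f"line {no}: {kind}: {lit!r}")
```

Any finding means the value is readable by anyone who receives the client, so it belongs on the server side rather than in the ClickOnce package.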

 

Possible mitigation controls include:

1. Complete code obfuscation of the client-side application to prevent easy tampering with the Intermediate Language code.

2. Sign all the client assemblies with a strong name. (The assembly loader can detect a tampered assembly.)

3. Use Authenticode to sign the application.

 

See the link below for man-in-the-middle vulnerabilities:

http://www.securityfocus.com/archive/1/512450