Server Side Control Signed Property Override
Variants:
Direct
Also Known As:
Control Property Override via Cache Reuse
Vector Type:
Attack
Relevance:
Technology Specific
Layer:
Application-Level
Platforms:
ASP.NET, Mono, JSF
Target Type:
Web Application
Affected Mechanisms:
Privilege Validation, Digital Signatures, Web Application Configuration
Invented In:
15/03/2013
Added In:
09/12/2014
Vector Operation Method:
Attackers can override the properties of server-side controls by reusing obsolete, cached, signed ViewState and EventValidation values, thereby elevating their privileges, bypassing restrictions, and causing unexpected behaviours.