One-click Attack

Description

A one-click attack occurs when an attacker creates a prefilled Web page (.htm or .aspx) with view state. The view state can be generated from a page that the attacker had previously created, for example, a shopping cart page with 100 items. The attacker lures an unsuspecting user into browsing to the page, then causes the page to be sent to the server where the view state is valid. The server has no way of knowing that the view state originated from the attacker. View state validation and MACs do not counter this attack because the view state is valid and the page is executed under the security context of the user.

Vulnerabilities

• Communication channel is insecure (lacking confidentiality protection)

Countermeasures

• Use SSL or IPSec with encryption to establish a secure communication channel

Attack Patterns

• One-Click Attack Pattern

Explained

• One-Click Attack Explained

How Tos

• How To Recognize One-Click Vulnerabilities
• How To Test For One-Click Vulnerabilities