I Forgot Your Password: Randomness Attacks Against PHP Applications

Provided by: University of Asmara
Topic: Security
Format: PDF
The authors provide a number of practical techniques and algorithms for exploiting randomness vulnerabilities in PHP applications. They focus on the predictability of password reset tokens and demonstrate how an attacker can take over user accounts in a web application by predicting or algorithmically de-randomizing the PHP core randomness generators. While their techniques are designed for the PHP language, the underlying principles and algorithms are independent of PHP and readily apply to any system that uses weak randomness generators or low-entropy sources.