• Title/Summary/Keyword: Password Vulnerability

Search Result 79, Processing Time 0.023 seconds

Design of the MS-SQL Password Vulnerability Checking Function Using OLE Remote Connection (OLE 원격 접속 기능을 이용한 MS-SQL 패스워드 취약점 점검 기능 설계)

  • Jang, Seung Ju
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.4 no.3
    • /
    • pp.97-104
    • /
    • 2015
  • This paper will feature designs for security vulnerability based on MS-SQL Database and OLE connectivity by checking the MS-SQL database password policy, the user account password access attempts, a user without password, and password does not be changed for a period of time. This paper uses the MS-SQL database and C++ linkage in order to use the OLE DB function. The design module should judge presence or absence of security vulnerability by checking database password policy, the user account password access attempts, a user without password, password does not be changed for a period of time. The MS-SQL database password associated with a feature, judging from the many features allows you to check for security vulnerability. This paper strengthen the security of the MS-SQL database by taking the advantage of the proposed ability.

Security of Password Vaults of Password Managers (패스워드 매니저의 패스워드 저장소 보안 취약점 분석)

  • Jeong, Hyera;So, Jaewoo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.5
    • /
    • pp.1047-1057
    • /
    • 2018
  • As the number of services offered on the Internet exponentially increases, password managers are increasing popular applications that store several passwords in an encrypted database (or password vault). Browser-integrated password managers or locally-installed password managers store the password vault on the user's device. Although a web-based password manager stores the password vault on the cloud server, a user can store the master password used to sign in the cloud server on her device. An attacker that steals a user's encrypted vault stored in the victim's device can make an offline attack and, if successful, all the passwords in the vault will be exposed to the attacker. This paper investigates the vulnerability of the password vault stored in the device and develops attack programs to verify the vulnerability of the password vault.

Analysis on Security Vulnerability of Password-based key Exchange and Authentication Protocols (패스워드 기반 키 교환 및 인증 프로토콜의 안전성에 관한 분석)

  • Park, Choon-Sik
    • Journal of Korea Multimedia Society
    • /
    • v.11 no.10
    • /
    • pp.1403-1408
    • /
    • 2008
  • A number of three party key exchange protocols using smart card in effort to reduce server side workload and two party password based key exchange authentication protocols has been proposed. In this paper, we introduce the survey and analysis on security vulnerability of smart card based three party authenticated key exchange protocols. Furthermore, we analyze Kwak et al's password based key exchange and authentication protocols which have shown security weakness such as Shim et al's off-line password guessing attack and propose the countermeasure to deter such attack.

  • PDF

Design of Improved Strong Password Authentication Scheme to Secure on Replay Attack (재전송 공격에 안전한 개선된 강력한 패스워드 인증 프로토콜 설계)

  • Kim, Jun-Sub;Kwak, Jin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.21 no.6
    • /
    • pp.133-140
    • /
    • 2011
  • Password-based authentication is the protocol that two entities share a password in advance and use the password as the basic of authentication. Password authentication schemes are divided into weak-password and strong-password authentication scheme. SPAS protocol, one of the strong-password authentication scheme, was proposed for secure against DoS attack. However it has vulnerability of the replay attack. In this paper, we analyze the vulnerability to the replay attack in SPAS protocol. Then we also propose an Improved-Strong Password Authentication Scheme (I-SPAS) with secure against the replay attack.

Countermeasures to the Vulnerability of the Keyboard Hardware (키보드컨트롤러의 하드웨어 취약점에 대한 대응 방안)

  • Jeong, Tae-Young;Yim, Kang-Bin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.18 no.4
    • /
    • pp.187-194
    • /
    • 2008
  • This paper proposes an effective countermeasure to an intrinsic hardware vulnerability of the keyboard controller that causes sniffing problem on the password authentication system based on the keyboard input string. Through the vulnerability, some possible attacker is able to snoop whole the password string input from the keyboard even when any of the existing keyboard protection software is running. However, it will be impossible for attackers to gather the exact password strings if the proposed policy is applied to the authentication system though they can sniff the keyboard hardware protocol. It is expected that people can use secure Internet commerce after implementing and applying the proposed policy to the real environment.

Improved Strong Password Mutual Authentication Protocol to Secure on Replay Attack (재전송 공격에 안전한 개선된 강력한 패스워드 상호인증 프로토콜)

  • Kim, Jun-Sub;Kwak, Jin
    • Journal of Advanced Navigation Technology
    • /
    • v.14 no.3
    • /
    • pp.415-425
    • /
    • 2010
  • In public network, user authentication is important security technology. Especially, password-based authentication method is used the most widely in distributed environments, and there are many authentication methods. Their SPMA protocol indicates vulnerability about problem that NSPA protocol does not offer mutual authentication, and proposed Strong Password Mutual Authentication protocol with mutual authentication. However, SPMA protocol has vulnerability of replay attack. In the paper, we analyzed vulnerability to replay attack of SPMA protocol. And we also proposed Improved Strong Password Mutual Authentication protocol to secure on replay attack with same efficiency.

Vulnerability Attack for Mutual Password Authentication Scheme with Session Key agreement (세션 키 동의를 제공하는 상호인증 패스워드 인증 스킴에 대한 취약점 공격)

  • Seo Han Na;Choi Youn Sung
    • Convergence Security Journal
    • /
    • v.22 no.4
    • /
    • pp.179-188
    • /
    • 2022
  • Password authentication schemes (PAS) are the most common mechanisms used to ensure secure communication in open networks. Mathematical-based cryptographic authentication schemes such as factorization and discrete logarithms have been proposed and provided strong security features, but they have the disadvantage of high computational and message transmission costs required to construct passwords. Fairuz et al. therefore argued for an improved cryptographic authentication scheme based on two difficult fixed issues related to session key consent using the smart card scheme. However, in this paper, we have made clear through security analysis that Fairuz et al.'s protocol has security holes for Privileged Insider Attack, Lack of Perfect Forward Secrecy, Lack of User Anonymity, DoS Attack, Off-line Password Guessing Attack.

Vulnerability of Two Password-based Key Exchange and Authentication Protocols against Off-line Password-Guessing Attacks (두 패스워드 기반 키 교환 및 인증 프로토콜들에 대한 오프라인 패스워드 추측 공격의 취약성 분석)

  • Shim, Kyung-Ah;Lee, Hyang-Sook;Lee, Ju-Hee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.18 no.1
    • /
    • pp.3-10
    • /
    • 2008
  • Since a number of password-based protocols are using human memorable passwords they are vulnerable to several kinds of password guessing attacks. In this paper, we show that two password-based key exchange and authentication protocols are insecure against off-line password-guessing attacks.

Implementation of User Account Vulnerability Checking Function System using MS-SQL Database (MS-SQL 데이터베이스에서 특정 계정 취약점 판별 시스템 구현)

  • Jang, Seung-Ju
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.18 no.10
    • /
    • pp.2482-2488
    • /
    • 2014
  • This paper proposes that a user account of the MS-SQL is checked whether expirated or not in C++ program environment. Vulnerability checking module decides security weakness for password change time or user configuration time. The proposed module prevents and protects a user account from a malicious user account. Recently, Information Assets becomes more important. If the loss of database information it would make large damage in our life. This paper develops user account checking module, which checks whether user password have not been changed for a long time or whether the user account expirated in the MS-SQL Database. By checking security vulnerability using this feature, a malicious user cannot access the Database.

Analysis of an Intrinsic Vulnerability on Keyboard Security (키보드 보안의 근본적인 취약점 분석)

  • Yim, Kang-Bin;Bae, Kwang-Jin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.18 no.3
    • /
    • pp.89-95
    • /
    • 2008
  • This paper analyzes the intrinsic vulnerability problems of the authentication system for Internet commerce based on the ID and password strings gathered from the computer keyboard. Through the found vulnerability, it is easy to sniff user passwords as well as any other keyboard inputs even when each of the existing keyboard protection softwares is running. We propose several countermeasures against the possible attacks to the vulnerability at both points of the hardware and the software concerns. The more secure environment for Internet commerce is highly required by implementing the proposed countermeasures.