Insecure Authentication

ID

kotlin.insecure_authentication

Severity

high

Resource

Information Leak

Language

Kotlin

Tags

CWE:319, NIST.SP.800-53, OWASP:2021:A4, PCI-DSS:6.5.4, PCI-DSS:6.5.6

Description

Insecure authentication occurs when authentication credentials, such as passwords, are transmitted over an insecure channel, such as HTTP, making them vulnerable to interception.

Rationale

Insecure authentication is a significant vulnerability that arises when sensitive information, like passwords or tokens, is transmitted without proper encryption. This usually happens over unsecured communication channels, like HTTP, where attackers can easily intercept and capture these credentials.

Here’s a Kotlin example illustrating insecure authentication:

import okhttp3.*
import java.io.IOException

fun authRequestOkHttp(user: String, password: String) {
    val client = OkHttpClient()

    val url = "http://yourapi.com/auth"
    val json = """{"username": $user, "password": $password}"""

    val requestBody = json.toRequestBody("application/json; charset=utf-8".toMediaTypeOrNull())

    val request = Request.Builder() // FLAW
        .url(url)
        .post(requestBody)
        .build()

    client.newCall(request).enqueue(object : Callback {
        override fun onFailure(call: Call, e: IOException) {
            e.printStackTrace()
        }

        override fun onResponse(call: Call, response: Response) {
            response.use {
                if (!it.isSuccessful) {
                    println("Failed: ${response.code}")
                } else {
                    println("Response: ${response.body?.string()}")
                }
            }
        }
    })
}

Remediation

To remediate this vulnerability, ensure that all sensitive information is transmitted over secure channels such as HTTPS. This ensures that the data is encrypted in transit.

Here’s the corrected version of the previous example:

import okhttp3.*
import java.io.IOException

fun authRequestOkHttp(user: String, password: String) {
    val client = OkHttpClient()

    val url = "https://yourapi.com/auth"
    val json = """{"username": $user, "password": $password}"""

    val requestBody = json.toRequestBody("application/json; charset=utf-8".toMediaTypeOrNull())

    val request = Request.Builder()
        .url(url)
        .post(requestBody)
        .build()

    client.newCall(request).enqueue(object : Callback {
        override fun onFailure(call: Call, e: IOException) {
            e.printStackTrace()
        }

        override fun onResponse(call: Call, response: Response) {
            response.use {
                if (!it.isSuccessful) {
                    println("Failed: ${response.code}")
                } else {
                    println("Response: ${response.body?.string()}")
                }
            }
        }
    })
}

Additionally, consider implementing further security measures such as multi-factor authentication and using secure password storage mechanisms like bcrypt for hash-based password handling.

References

  • CWE-319 : Cleartext Transmission of Sensitive Information.