Use the sample entry from an Apache web server log below to answer the following questions.
10.10.0.2 - - [1/Jan/2020:10:02:45 +0000] "GET /login.php?username=admin&password=password&submit=TRUE HTTP/1.1" 302
i. Identify the key information in this message and briefly describe what this log entry is telling you?
ii. What security threat or vulnerability can you see from this log entry?
iii. How might this cause harm?
iv. Suggest how the website developer or administrator might mitigate this threat or vulnerability.
Ans I:
In the above log entry, 10.10.0.2 denotes the IP address of the client.
The next two hyphens mean:
First "-": the identity of the client machine is hidden here, so '-' is used.
Second "-": the user id of the client is hidden, so it is not authenticated.
[1/Jan/2020:10:02:45 +0000] - the time at which the client's request was received.
GET /login.php?username=admin&password=password&submit=TRUE HTTP/1.1 - the request line: GET is the HTTP request method the client used, and HTTP/1.1 is the HTTP version.
Additional information: it is a GET request for the web page "login.php" with the parameters username and password, and with submit set to TRUE.
302 - the status code that the server sent back to the client. Here 302 means Found.
Ans II:
From the given log we can read the client's username and password, which clears a path for attackers to interfere with their network/machine.
Ans III:
Since the username and password are visible to the rest of the world, security is defenseless: anybody who knows the username/password can break in and cause issues.
Ans IV:
Here the developer can encrypt the username and password before passing them with the HTTP GET request. With this approach we can protect the client machine's details from becoming vulnerable to such attacks. Hence this provides protection.
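An administrator can check existing access logs for entries like the one in the question. The script below is an added example, not part of the original answer: it parses Common Log Format lines, reports requests that carry sensitive parameters in the URL, and masks their values. The SENSITIVE name list is an assumption, and the second and third sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Apache Common Log Format: host ident authuser [time] "request" status [bytes]
CLF = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3})(?: (?P<size>\S+))?'
)

# Assumed list of parameter names that should never appear in a URL.
SENSITIVE = {"password", "passwd", "pwd", "pass", "token", "secret", "api_key"}

def parse_entry(line):
    """Return the fields of one access-log line as a dict, or None if malformed."""
    m = CLF.match(line.strip())
    return m.groupdict() if m else None

def leaked_params(entry):
    """Names of sensitive query-string parameters present in the request target."""
    query = urlsplit(entry["target"]).query
    return sorted({k for k, _ in parse_qsl(query, keep_blank_values=True)
                   if k.lower() in SENSITIVE})

def redact(line):
    """Mask the values of sensitive parameters so the line is safe to store or share."""
    names = "|".join(sorted(SENSITIVE))
    return re.sub(rf'(?i)([?&](?:{names})=)[^&\s"]*', r'\1[REDACTED]', line)

def scan(lines):
    """Yield (host, time, path, leaked parameter names) for each offending entry."""
    for line in lines:
        entry = parse_entry(line)
        if entry and (hits := leaked_params(entry)):
            yield entry["host"], entry["time"], urlsplit(entry["target"]).path, hits

# Sample input: the entry from the question plus two constructed lines.
SAMPLE = [
    '10.10.0.2 - - [1/Jan/2020:10:02:45 +0000] "GET /login.php?username=admin&password=password&submit=TRUE HTTP/1.1" 302',
    '10.10.0.3 - - [1/Jan/2020:10:03:10 +0000] "POST /login.php HTTP/1.1" 302 512',
    '10.10.0.4 - - [1/Jan/2020:10:04:02 +0000] "GET /index.php?page=2 HTTP/1.1" 200 1043',
]

if __name__ == "__main__":
    for host, when, path, hits in scan(SAMPLE):
        print(f"{when} {host} sent {hits} in the URL of {path}")
    print(redact(SAMPLE[0]))
```

Only the first sample line is reported: the POST request keeps its form fields out of the request line, so nothing sensitive reaches the access log.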