Thursday, March 29, 2012

Protect SharePoint from Framesniffing Attack


What is a Framesniffing attack?
The Framesniffing technique uses an HTML iframe to load a target website inside an attacker’s webpage. All web browsers have security restrictions that prevent a webpage from directly reading the contents of pages loaded in frames. However, this attack bypasses those measures: by using anchor elements, a malicious webpage can read certain pieces of information about the structure of a framed page.

How does it affect SharePoint?
Even though SharePoint is usually only reachable on the internal network, it is still loaded in a web browser. By default, SharePoint 2007 and 2010 do not send the X-Frame-Options header. This means that any website that knows the URL of an organisation’s SharePoint can load it in an iframe. The attack works by checking for anchors on search result pages.

Watch this demo of how Framesniffing works with SharePoint: http://www.contextis.co.uk/research/blog/framesniffing/

The video shows an attacker extracting sensitive information from a fictional corporate SharePoint installation. The attacker searches the server to discover crucial information about an upcoming acquisition. To achieve this, the attacker first lures a user with access to the SharePoint server to a malicious web page. While the user is viewing the page, the attacker uses Framesniffing to infer information from the SharePoint server through the user’s browser.

What does Microsoft say about this vulnerability?
“We have concluded our investigation and determined that this is by-design in current versions of SharePoint. We are working to set the X-Frame options in the next version of SharePoint”.

How to protect SharePoint against Framesniffing?
Websites can protect themselves against Framesniffing attacks by sending the X-Frame-Options HTTP header. Protecting SharePoint from this attack is a simple matter of adding the X-Frame-Options header.
The following steps describe how to add a custom header in IIS 7. SharePoint is used as the example, but the instructions work for any site:
  1. Open IIS Manager (Run > InetMgr)
  2. In the left pane, navigate to the relevant web site (SharePoint - 80)
  3. In the right pane, select ‘Features View’ at the lower left corner
  4. Double-click the ‘HTTP Response Headers’ icon
  5. Click the ‘Add…’ link in the right pane
  6. Enter ‘X-Frame-Options’ in the name field and ‘SAMEORIGIN’ in the value field. Hit OK.
Note – This setting prevents SharePoint from being opened in a frame, which could break SharePoint in some setups, for example if another intranet application embeds SharePoint in a frame. Be sure to test this change before putting it into production.
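To confirm the header is actually being sent after the change, here is an added Python checker (not from the original post) that parses a raw HTTP response head and reports whether X-Frame-Options is present and well-formed. The sample responses are constructed, and the `fetch_raw_headers` helper is only needed for a live check against a real site.

```python
import urllib.request
from typing import Dict, List

# Directives every browser that supports X-Frame-Options honours.
VALID_XFO = {"DENY", "SAMEORIGIN"}


def parse_headers(raw_response: str) -> Dict[str, List[str]]:
    """Parse the header block of a raw HTTP response into a
    lower-cased name -> list-of-values map (repeated headers are kept)."""
    headers: Dict[str, List[str]] = {}
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def assess_framing(raw_response: str) -> str:
    """Classify a response as 'unprotected', 'protected', 'allow-from',
    'invalid' or 'conflicting' based on its X-Frame-Options header(s)."""
    values = parse_headers(raw_response).get("x-frame-options", [])
    if not values:
        return "unprotected"      # default SharePoint 2007/2010 behaviour
    if len({v.upper() for v in values}) > 1:
        return "conflicting"      # two different directives; browser handling has varied
    value = values[0].upper()
    if value in VALID_XFO:
        return "protected"
    if value.startswith("ALLOW-FROM "):
        return "allow-from"       # only some browsers honour this form
    return "invalid"              # e.g. a typo such as 'ALLOWALL'


def fetch_raw_headers(url: str) -> str:
    """Fetch a URL and rebuild a raw response head for assess_framing (needs network)."""
    with urllib.request.urlopen(url) as resp:
        status = f"HTTP/1.1 {resp.status} {resp.reason}"
        lines = [f"{k}: {v}" for k, v in resp.getheaders()]
    return "\r\n".join([status, *lines]) + "\r\n\r\n"


# Constructed sample responses, not captured from a real server.
UNPATCHED = "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/7.5\r\nContent-Type: text/html\r\n\r\n<html>...</html>"
PATCHED = "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/7.5\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n<html>...</html>"
```

Run `assess_framing(fetch_raw_headers("http://<your-sharepoint>/"))` from a machine on the intranet; anything other than "protected" means the header change has not taken effect on that site.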

Browser Protection against Framesniffing Attacks
Users of the Firefox browser are already protected against Framesniffing. However, the latest versions of Internet Explorer, Chrome and Safari are still vulnerable to these attacks.
