EPiServer has been alerted to a possible security risk to websites as a result of a recently published plug-in for Firefox. The plug-in can potentially make it very easy to hijack other people's access on websites that transmit unencrypted data through a public wi-fi.
The problem is neither new nor exclusive to EPiServer websites, but this small plug-in both makes it easier and makes people more aware of it. EPiServer has investigated the risk and can confirm that the plug-in could potentially be used as a tool to gain unauthorized access to websites running EPiServer products and most other website management systems. This is a problem which also affects many popular sites and services, including Facebook, Twitter, Google and Yahoo.
In reality this means that anyone with the plug-in installed can go anywhere with an open wi-fi, for example most hotels, airports, public transportation etc., open Firefox, see what other people on the same wi-fi are doing and with one click take over their access to any site they are logged into. If they are logged in to Facebook, for example, it's possible to post nasty comments on their behalf, read their Google mail and so on.
It's important to stress that this is not an EPiServer specific problem and in fact EPiServer products are not directly targeted by this plug-in. However, it is possible for someone to tweak the plug-in so that it can also be used against sites running on EPiServer software.
This affects websites using cookie-based authentication that do not encrypt the traffic with SSL, where logged-in users may be accessing the website through a public unsecured wi-fi.
Example: One of your editors is travelling, but when she arrives at her hotel and checks her e-mail she notices that she needs to do a number of urgent website updates. So, she logs into the Edit mode and does them. At the same time another hotel guest with evil intent in a nearby hotel room, connected to the same insecure wi-fi network and using the plug-in to scan for possible victims sees her editing and then uses the tool to hijack her access. That would potentially give him editing access on the website.
By far the safest solution is to ensure that your entire site runs SSL (HTTPS). Today many EPiServer customers are already running SSL on parts of the site - but in most cases, in order to completely secure your site against this type of attack you would need to secure the entire site.
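For an EPiServer site on the default ASP.NET forms authentication, the `web.config` fragments below (an added example, not from the original article or from EPiServer's own documentation) show the vulnerable default beside a hardened configuration. It assumes the whole site is served over HTTPS as recommended above, that the IIS URL Rewrite module is installed for the redirect rule, and the `loginUrl` value is a placeholder for your site's own login page.

```xml
<!-- Before (vulnerable): default forms authentication. The authentication cookie
     is sent over plain http://, so anyone on the same open wi-fi can capture and
     replay it. loginUrl is a placeholder; use your site's existing value. -->
<system.web>
  <authentication mode="Forms">
    <forms loginUrl="~/login.aspx" timeout="120" />
  </authentication>
</system.web>

<!-- After (hardened): requireSSL="true" makes ASP.NET set the Secure flag on the
     forms-authentication cookie, so the browser will not send it over http://.
     <httpCookies> applies Secure and HttpOnly to the other cookies the site
     issues (session state, etc.). -->
<system.web>
  <authentication mode="Forms">
    <forms loginUrl="~/login.aspx" timeout="120" requireSSL="true" />
  </authentication>
  <httpCookies httpOnlyCookies="true" requireSSL="true" />
</system.web>

<!-- Redirect every plain-HTTP request to HTTPS so no page of the site, and no
     cookie, ever travels unencrypted. Requires the IIS URL Rewrite module. -->
<system.webServer>
  <rewrite>
    <rules>
      <rule name="Redirect to HTTPS" stopProcessing="true">
        <match url="(.*)" />
        <conditions>
          <add input="{HTTPS}" pattern="off" ignoreCase="true" />
        </conditions>
        <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
      </rule>
    </rules>
  </rewrite>
</system.webServer>
```

Note that once `requireSSL="true"` is set, ASP.NET refuses to issue the authentication cookie on a request that arrived over HTTP, so the redirect rule (or an equivalent at the load balancer) must be in place before the setting is enabled. Cookies already issued without the Secure flag remain exposed until users log in again.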
Another approach that is fairly popular is to remove admin and editing capabilities from your front-end web servers and separate out secure, back-end editing servers. This will secure your editing and admin access but could still put other kinds of user-access (for example extranet users) at risk of being hijacked.
If you have set up EPiServer CMS to use Windows authentication (NTLM / Challenge-Response) and not the default forms authentication you should also be fairly safe from this type of attack.
Obviously you can also go for a simpler approach of enforcing a corporate policy where editors and administrators are only allowed to log in to the website through secure networks or using VPN.
This article will be updated with more information as it becomes available. EPiServer is currently working on enhancing technical documentation on securing your web site against this type of attack.
A new technote containing information on how to protect your users from session hijacking has been published.