Enjoy Sharing Technology!

Software, Development, DevOps, Security, Troubleshooting

Sunday, November 14, 2021

fortify scan: WCF Misconfiguration: Insufficient Logging

Abstract:

The lack of a proper audit trail after a security incident can hamper forensic efforts.

Explanation:

Windows Communication Foundation (WCF) offers the ability to log successful and/or failed authentication attempts. Logging failed authentication attempts can warn administrators of potential brute-force attacks. Similarly, logging successful authentication events can provide a useful audit trail when a legitimate account is compromised.

In this case, PDLCWcfService.dll.config does not contain a <serviceSecurityAudit> element with the serviceAuthorizationAuditLevel and messageAuthenticationAuditLevel attributes. Without it, WCF's defaults apply: both audit levels are None, so neither authorization decisions nor message authentication results are written to the event log.

Recommendations:

Enable WCF's service security audit feature.

The following is an example configuration with auditing enabled:

<system.serviceModel>
  <behaviors>
    <serviceBehaviors>
      <behavior name="NewBehavior">
         <serviceSecurityAudit auditLogLocation="Default"
             suppressAuditFailure="false"
             serviceAuthorizationAuditLevel="SuccessAndFailure"
             messageAuthenticationAuditLevel="SuccessAndFailure" />
             ...
</system.serviceModel>
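Two things trip people up when closing this finding: a <behavior> that carries the audit element does nothing unless a <service> references it via behaviorConfiguration (or it is the unnamed default behavior), and the WCF defaults for the two audit levels are None, so an element with a missing attribute still audits nothing. The checker below, an added example that is not part of the original post or of Fortify's tooling, parses a .config with the standard library and reports each of those conditions per service. The service name Example.OrderService, the behavior name AuditedBehavior and the three sample configs are constructed for the example.

```python
"""Lint a WCF app/web .config for the serviceSecurityAudit behavior that the
"WCF Misconfiguration: Insufficient Logging" finding asks for.
Added example; uses only xml.etree from the Python standard library."""
import xml.etree.ElementTree as ET

AUDIT_ATTRS = ("serviceAuthorizationAuditLevel", "messageAuthenticationAuditLevel")


def audit_findings(config_xml):
    """Return a list of finding strings for config_xml (empty when it passes).

    Per <service> under <system.serviceModel> it checks that
      1. the service resolves to a behavior (named, or the unnamed default),
      2. that behavior carries <serviceSecurityAudit>,
      3. both audit levels are SuccessAndFailure (WCF default is None),
      4. suppressAuditFailure is false (WCF default is true).
    """
    root = ET.fromstring(config_xml)
    sm = root.find("system.serviceModel")
    if sm is None:
        return ["no <system.serviceModel> section"]
    # Key "" holds the unnamed behavior, which .NET 4.0+ applies to every
    # service that specifies no behaviorConfiguration.
    behaviors = {b.get("name", ""): b
                 for b in sm.findall("./behaviors/serviceBehaviors/behavior")}
    findings = []
    services = sm.findall("./services/service")
    if not services:
        findings.append("no <service> elements found")
    for svc in services:
        name = svc.get("name", "?")
        ref = svc.get("behaviorConfiguration", "")
        behavior = behaviors.get(ref)
        if behavior is None:
            what = (f"behaviorConfiguration '{ref}' is not defined" if ref
                    else "no behaviorConfiguration and no unnamed default behavior")
            findings.append(f"{name}: {what}, so no audit behavior applies")
            continue
        audit = behavior.find("serviceSecurityAudit")
        label = ref or "(default)"
        if audit is None:
            findings.append(f"{name}: behavior '{label}' has no <serviceSecurityAudit>")
            continue
        for attr in AUDIT_ATTRS:
            level = audit.get(attr, "None")  # WCF default: nothing is audited
            if level != "SuccessAndFailure":
                findings.append(f"{name}: {attr} is '{level}', want SuccessAndFailure")
        if audit.get("suppressAuditFailure", "true").lower() != "false":
            findings.append(f"{name}: suppressAuditFailure is true (the default), "
                            "so a failed audit write is silently ignored")
    return findings


# The audit element from the recommendation, kept as one string so the
# constructed "before" config can be derived from the "after" config.
AUDIT_ELEMENT = (
    '<serviceSecurityAudit auditLogLocation="Default"\n'
    '              suppressAuditFailure="false"\n'
    '              serviceAuthorizationAuditLevel="SuccessAndFailure"\n'
    '              messageAuthenticationAuditLevel="SuccessAndFailure" />'
)

# Constructed sample: the corrected state, with the behavior wired to the service.
FIXED_CONFIG = f"""
<configuration>
  <system.serviceModel>
    <services>
      <service name="Example.OrderService" behaviorConfiguration="AuditedBehavior">
        <endpoint address="" binding="wsHttpBinding" contract="Example.IOrderService" />
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="AuditedBehavior">
          {AUDIT_ELEMENT}
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>
"""

# Constructed "before" state, as in the finding: the behavior has no audit element.
WEAK_CONFIG = FIXED_CONFIG.replace(AUDIT_ELEMENT, "")

# Constructed trap: auditing is configured but the service never references it.
UNWIRED_CONFIG = FIXED_CONFIG.replace(' behaviorConfiguration="AuditedBehavior"', "")

if __name__ == "__main__":
    for title, cfg in (("weak", WEAK_CONFIG), ("unwired", UNWIRED_CONFIG),
                       ("fixed", FIXED_CONFIG)):
        print(title, audit_findings(cfg) or "OK")
```

Run it against a real PDLCWcfService.dll.config with `audit_findings(open(path).read())`. The suppressAuditFailure="false" check is deliberate: with the default of true, a failure to write the audit record is swallowed and the request proceeds, so the audit trail can go silently missing; with false the write failure surfaces as an exception and the call fails closed. Note also that auditLogLocation="Default" resolves to the Security log on current Windows versions, which the hosting process can only write to if it holds SeAuditPrivilege; if it does not, the false setting will make every authenticated call fail until the privilege is granted or the location is changed to Application.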
