WPAD: Waiting Patiently for an Announced Disaster-Reference-Cited by-同舟云学术

WPAD: Waiting Patiently for an Announced Disaster

Published:2023-02-02 Issue:10 Volume:55 Page:1-29
ISSN:0360-0300
Container-title:ACM Computing Surveys
language:en
Short-container-title:ACM Comput. Surv.

Author:

Boulila Elyssa¹^ORCID,Dacier Marc²^ORCID

Affiliation:

1. EURECOM, Biot, France

2. KAUST, Thuwal, Kingdom of Saudi Arabia

Abstract

The Web Proxy Auto-Discovery protocol ( wpad 1 ) is widely used despite being flawed. Its purpose is to enable a client machine to autonomously identify an appropriate proxy, if any, to connect to. This can be useful in corporate networks, for example. Its vulnerabilities range from enabling an attacker to execute code remotely on client machines, to carry out SSL MITM attacks, to subvert Windows NTLM authentication, or even to steal Google authentication tokens. Several publications, talks, and blog posts have tried to raise awareness about some of these security issues. 23 distinct CVEs have been published. Nevertheless, wpad runs by default on Windows machines, and most users are unaware of its existence. Our goal is to offer within a single publication a survey of all the known vulnerabilities surrounding wpad , a presentation of some novel threats related to this protocol, as well as a description of mitigation and detection techniques to prevent the exploitation of its vulnerabilities. We hope that this publication will be an eye opener for all those concerned with the security of their networks and that the offered mitigation techniques will help them to deal with the numerous threats that wpad brings to their environments.

Publisher

Association for Computing Machinery (ACM)

Subject

General Computer Science,Theoretical Computer Science

Link

https://dl.acm.org/doi/pdf/10.1145/3565361

Reference105 articles.

1. Dynamic Host Configuration Protocol (DHCP) Domain Search Option

2. B. Aboba, D. Thaler, and L. Esibov. 2007. Link-local Multicast Name Resolution (LLMNR). RFC 4795. RFC Editor.

3. Richard John Matthew Agar. 2010. The Domain Name System (DNS): Security Challenges and Improvements. Technical Report. Tech. rep., Royal Holloway, University of London.

4. DHCP Options and BOOTP Vendor Extensions

5. C. Alonso. 2013. Fear the Evil FOCA attacking internet connections with IPv6. DEF CON. Retrieved October 31 2022 from https://media.defcon.org/DEF%20CON%2021/DEF%20CON%2021%20presentations/DEF%20CON%2021%20-%20Alonso-Fear-the-Evil-FOCA-Updated.pdf.

Cited by 1 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. W-Bad: Interception, Inspection, and Interference with Web Proxy Auto-Discovery (WPAD);2023 7th Network Traffic Measurement and Analysis Conference (TMA);2023-06-26