Log Spoofing
The attack is based on fooling the human eye in log files
An attacker can erase his traces from the logs using this attack
Solution
When you enter a failed login attempt, the log displays
Login failed for username: <the user name you enter>
Enter in the username field..
Smith%0d%0aLogin Succeeded for username: admin
%0d is carriage return
%0a is line feed return
This makes it appear that a login for smith failed but a login for admin succeeded afterwards
Even though this was all done in the same attempt and there was no actual admin login
Last updated