WebApp Sec mailing list archives

RE: Doubt in Application Audit


From: "Shan, Xuning V (Vincent)" <shan () lucent com>
Date: Wed, 23 Feb 2005 22:16:50 -0600

Maybe the "NULL Encryption" is used in the IPSec.

-----Original Message-----
From: Alfred Hitchcock [mailto:alfredhitchcock_007 () yahoo com]
Sent: Wednesday, February 23, 2005 5:25 AM
To: webappsec () securityfocus com
Subject: Doubt in Application Audit




Hi All,
I am doing a security audit of an application (sorry, I cannot name it). This application connects to the database server and gets some relevant information. In order to see the communication channel I am using Ethereal.
The interesting fact is that in Ethereal the protocol that the application is using with the database server is shown as ESP.
If ESP is being used then the data that is being exchanged in the communication channel should be encrypted, right? But Ethereal shows the data that is being passed in clear text. This is the sample proof.



So could you kindly let me know the exact reason for this. What is the exact problem...
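
Added example, not part of the original thread: a heuristic check an auditor could run on a captured ESP packet to test the NULL-encryption explanation given in the reply. With NULL encryption the ESP trailer (padding, pad length, next header) is readable, so the sketch looks for a well-formed trailer in front of each candidate ICV length. The function names, the candidate ICV lengths and both sample packets are assumptions constructed for illustration.

```python
import struct

ICV_LENGTHS = (12, 16, 24, 32)   # candidate truncated-HMAC ICV sizes (assumption)
NEXT_HEADERS = {4: "IPv4", 6: "TCP", 17: "UDP", 41: "IPv6"}  # plausible inner protocols

def detect_esp_null(esp: bytes):
    """Return parsed fields if the ESP packet looks NULL-encrypted, else None."""
    if len(esp) < 8:
        return None
    spi, seq = struct.unpack("!II", esp[:8])
    for icv_len in ICV_LENGTHS:
        if len(esp) < 8 + 2 + icv_len:
            continue
        body = esp[8:len(esp) - icv_len]   # payload | padding | pad_len | next_hdr
        if len(body) % 4:                  # trailer must end on a 4-byte boundary
            continue
        pad_len, next_hdr = body[-2], body[-1]
        if next_hdr not in NEXT_HEADERS or pad_len > len(body) - 2:
            continue
        payload_end = len(body) - 2 - pad_len
        # RFC 4303 default padding is the byte sequence 1, 2, 3, ...
        if body[payload_end:-2] != bytes(range(1, pad_len + 1)):
            continue
        return {"spi": spi, "seq": seq, "icv_len": icv_len,
                "next_header": NEXT_HEADERS[next_hdr],
                "payload": body[:payload_end]}
    return None

def build_esp_null(payload: bytes, next_hdr: int, icv_len: int) -> bytes:
    """Build a constructed ESP-NULL test packet (ICV is zero filler, not a real MAC)."""
    pad_len = -(len(payload) + 2) % 4
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_hdr])
    return struct.pack("!II", 0x1000, 1) + payload + trailer + bytes(icv_len)

# Constructed samples: a zeroed 20-byte TCP header stub followed by readable XML,
# and a stand-in for real ciphertext (fixed filler bytes with no valid trailer).
SAMPLE_PAYLOAD = bytes(20) + b"<my:Alias>user</my:Alias>\r\n"
NULL_SAMPLE = build_esp_null(SAMPLE_PAYLOAD, 6, 12)
ENCRYPTED_SAMPLE = struct.pack("!II", 0x1000, 2) + bytes([0xA5]) * 48

if __name__ == "__main__":
    for name, pkt in (("null", NULL_SAMPLE), ("encrypted", ENCRYPTED_SAMPLE)):
        print(name, detect_esp_null(pkt))
```

Because this is a heuristic, real ciphertext can occasionally produce a matching trailer by chance; the negotiated transforms on the IPsec endpoints are the authoritative record of whether NULL encryption is configured.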

