
WebDAV Redirector

The WebDAV Redirector (DAVRdr) allows computers running Windows XP to use WebDAV (Web-based Distributed Authoring and Versioning) servers, such as Windows SharePoint Services and MSN Communities, as if they were standard file servers. It consists of a kernel component that connects to a Windows NT remote file system stack, and a user-level component (Web client service) that translates file system requests into WebDAV requests.

The WebDAV Redirector feature is used by people who access WebDAV servers through the remote file system, and it is implemented in the remote file system stack. Client administrators, and users who are concerned with the security of their computer credentials, need to be aware that every access to remote files on a WebDAV server by Universal Naming Convention (UNC) path (for example, \\ServerName\ShareName\File.txt) will be processed by WebDAV Redirector.

WebDAV is an extension of Hypertext Transfer Protocol (HTTP), and as such includes the use of Basic Authentication (BasicAuth). BasicAuth is one form of user authentication, or means by which a user is securely identified to the server. With BasicAuth, the client transmits the user’s credentials (user name and password) to the server. If the channel is unencrypted, such as with normal HTTP traffic, any computer on the network can see the user’s user name and password and therefore steal their identity. The DAVRdr does not support encrypted HTTP (HTTPS or SSL), and will transmit the user’s credentials in the clear (that is, without encryption) if the server supports basic authentication. Although a server most likely would not be configured to use basic authentication, it would be possible to set up the server expressly to obtain users’ credentials.

Imagine a corporate user at AB Corporation who routinely accesses the file share \\ABC_Server\Sales, is working outside the corporation on a public network, and uses an application that attempts to access that share as part of normal background activity. Since the user’s portable computer is outside the corporate network, the request should fail. However, the DAVRdr will transmit a request to see if there is a DAV server named ABC_Server, even though the actual server that the portable computer is attempting to access is an SMB server.

An attacker can be operating on that same public network with a computer that spoofs WINS requests, returning a pointer to itself in response to any WINS request. The portable computer will then try to access a DAV share on that rogue server. If the rogue server responds with BasicAuth as the authentication method, a dialog box appears that asks for the user’s credentials. The dialog box identifies the server as ABC_Server, leading the user to believe the request is legitimate. If the user enters their user name and password, the client transmits that information in the clear and the attacker thus gains access to that user’s login information. There is no indication to the user that the channel is not secure, that the request is being handled by the DAVRdr, or that the portable computer will transmit the user name and password in the clear. Note that the current default Windows authentication methods never transmit a user’s password in the clear.
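The exchange described above can be recognised on the wire. The following detection sketch is an added example, not code from the original page: it scans cleartext HTTP messages for a Basic challenge and for a client Authorization header that carries credentials. The sample messages, account name and password are constructed for illustration.

```python
import base64

# Constructed sample: cleartext HTTP messages as a network sensor would see them.
# The account, password and User-Agent version are made up for illustration.
_CRED = base64.b64encode(b"ABCORP\\jdoe:Example-Passw0rd").decode()
SAMPLE_MESSAGES = [
    ("client", "PROPFIND /Sales HTTP/1.1\r\nHost: ABC_Server\r\n"
               "User-Agent: Microsoft-WebDAV-MiniRedir/5.1.2600\r\n\r\n"),
    ("server", "HTTP/1.1 401 Unauthorized\r\n"
               'WWW-Authenticate: Basic realm="ABC_Server"\r\n\r\n'),
    ("client", "PROPFIND /Sales HTTP/1.1\r\nHost: ABC_Server\r\n"
               "Authorization: Basic " + _CRED + "\r\n\r\n"),
    ("server", "HTTP/1.1 401 Unauthorized\r\n"
               "WWW-Authenticate: Negotiate\r\nWWW-Authenticate: NTLM\r\n\r\n"),
]

def parse_headers(raw):
    """Return the start line and a list of (lower-cased name, value) headers."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = []
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers

def audit(messages):
    """Flag Basic authentication seen on an unencrypted HTTP channel."""
    findings = []
    for index, (sender, raw) in enumerate(messages):
        _, headers = parse_headers(raw)
        for name, value in headers:
            scheme = value.split(" ", 1)[0].lower()
            if sender == "server" and name == "www-authenticate" and scheme == "basic":
                findings.append((index, "basic-challenge-over-http", value))
            elif sender == "client" and name == "authorization" and scheme == "basic":
                # Base64 is an encoding, not encryption. Record only the account
                # name so the finding does not become a second copy of the password.
                decoded = base64.b64decode(value.split(" ", 1)[1]).decode("utf-8", "replace")
                findings.append((index, "credentials-sent-in-clear", decoded.split(":", 1)[0]))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_MESSAGES):
        print(finding)
```

The last sample message offers only Negotiate and NTLM and is not flagged, since those methods do not put the password itself on the wire.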

Updated On: 05.09.09
