Tag: peoplesoft

Mitigate TokenChpoken attack on PeopleSoft

Problem this snippet solves:

The TokenChpoken attack, which affects systems that use Single Sign-On (SSO), is possible because an authentication cookie (PS_TOKEN) used by PeopleSoft applications can be forged. The PS_TOKEN cookie is generated when a user first signs in to a PeopleSoft application. When the user logs in to a different server, the browser sends this cookie for authentication so that the user does not have to enter their credentials again. The complete description of the attack can be found here: https://erpscan.com/press-center/blog/peoplesoft-security-part-3-peoplesoft-sso-tokenchpoken-attack/

How to use this snippet:

Insert the code example in the Virtual Server that publishes the PeopleSoft application. The iRule encrypts PS_TOKEN with a passphrase known only to the BIG-IP before the cookie reaches the browser, and decrypts it again on every request; a cookie that does not decrypt (one that was never encrypted by this device, such as a forged token) is removed from the request before it reaches PeopleSoft.

External links

Github: https://github.com/e-XpertSolutions/f5

Code:

    when RULE_INIT {
        set cookieToken "PS_TOKEN"
        # to be changed prior to any publishing
        set passphrase "hEuoYjmFUpB4PcpO3bUdQtLP4ic7jjm"
    }

    when HTTP_RESPONSE {
        # Encrypt the token before the Set-Cookie header reaches the browser
        if { [HTTP::cookie exists $cookieToken] } {
            HTTP::cookie encrypt $cookieToken $passphrase
        }
    }

    when HTTP_REQUEST {
        if { [HTTP::cookie exists $cookieToken] } {
            # Decrypts the cookie in place and returns the plaintext value
            set decrypted [HTTP::cookie decrypt $cookieToken $passphrase]
            if { ($decrypted eq "") } {
                # Cookie wasn't encrypted, delete it
                HTTP::cookie remove $cookieToken
            }
        }
    }

Tested this on version: 11.5
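The following is an added example, not code from the snippet above or from the e-XpertSolutions repository, showing the same proxy-side pattern in plain Python so it can be run and tested offline: the response handler wraps PS_TOKEN with a secret held only by the proxy, and the request handler unwraps it and drops any cookie that fails. The BIG-IP uses AES for HTTP::cookie encrypt; this example substitutes an HMAC-SHA256 keystream plus an HMAC tag (standard library only) so that a cookie is rejected both when it was never wrapped by the proxy (a forged plaintext token) and when it was wrapped under a different passphrase or tampered with. The cookie name, passphrase and the cookie dictionaries are constructed values.

```python
import base64
import hashlib
import hmac
import os
from typing import Dict, Optional

COOKIE_NAME = "PS_TOKEN"
# Constructed placeholder: the real secret lives only on the proxy, never in the browser.
PASSPHRASE = b"change-me-before-publishing"

NONCE_LEN = 16
TAG_LEN = 32


def _keys(passphrase: bytes):
    # Derive independent encryption and MAC keys from one passphrase.
    enc_key = hashlib.sha256(b"enc:" + passphrase).digest()
    mac_key = hashlib.sha256(b"mac:" + passphrase).digest()
    return enc_key, mac_key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a stand-in stream cipher for F5's AES.
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_cookie(value: str, passphrase: bytes = PASSPHRASE) -> str:
    # Wrap the cookie value: nonce || ciphertext || tag, base64 for the Set-Cookie header.
    enc_key, mac_key = _keys(passphrase)
    nonce = os.urandom(NONCE_LEN)
    plaintext = value.encode()
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(nonce + ct + tag).decode()


def decrypt_cookie(token: str, passphrase: bytes = PASSPHRASE) -> Optional[str]:
    # Returns the plaintext, or None when the token was not produced under this passphrase.
    enc_key, mac_key = _keys(passphrase)
    try:
        raw = base64.urlsafe_b64decode(token.encode())
    except ValueError:
        return None
    if len(raw) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = raw[:NONCE_LEN], raw[NONCE_LEN:-TAG_LEN], raw[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # forged, tampered or wrong passphrase
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))
    try:
        return pt.decode()
    except UnicodeDecodeError:
        return None


def on_response(cookies: Dict[str, str]) -> Dict[str, str]:
    # Mirrors HTTP_RESPONSE: encrypt the token before it reaches the browser.
    out = dict(cookies)
    if COOKIE_NAME in out:
        out[COOKIE_NAME] = encrypt_cookie(out[COOKIE_NAME])
    return out


def on_request(cookies: Dict[str, str]) -> Dict[str, str]:
    # Mirrors HTTP_REQUEST: decrypt in place, remove the cookie if decryption fails.
    out = dict(cookies)
    if COOKIE_NAME in out:
        plain = decrypt_cookie(out[COOKIE_NAME])
        if plain is None:
            del out[COOKIE_NAME]
        else:
            out[COOKIE_NAME] = plain
    return out


if __name__ == "__main__":
    # Constructed cookie jars: a legitimate sign-in and a forged plaintext token.
    legit = on_request(on_response({"PS_TOKEN": "session-from-peoplesoft"}))
    forged = on_request({"PS_TOKEN": "attacker-built-token"})
    print("legitimate token reaches PeopleSoft:", legit.get("PS_TOKEN"))
    print("forged token removed:", "PS_TOKEN" not in forged)
```

The important property is that the browser only ever sees the wrapped form, so a token built outside the proxy, or one wrapped on a device with a different passphrase, never reaches the application; the passphrase must therefore be unique per deployment, as the RULE_INIT comment in the snippet already requires.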