New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

aspxauth

Package Overview
Dependencies
Maintainers
3
Versions
6
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

aspxauth - npm Package Compare versions

Comparing version 2.0.0 to 3.0.0

6

CHANGELOG.md

@@ -0,1 +1,7 @@

## 3.x
### 3.0.0
* Added extra signature of unencrpyted data required in .NET validation
## 2.x

@@ -2,0 +8,0 @@

2

package.json
{
"name": "aspxauth",
"version": "2.0.0",
"version": "3.0.0",
"description": "Verify and decrypt .NET's .ASPXAUTH cookie from node",

@@ -5,0 +5,0 @@ "main": "src/index.js",

2

README.md
# aspxauth
**Note:** There are many variables, flags, and version-specific considerations for how .NET generates the `.aspxauth` cookie. This library works for our needs using older versions of the .NET framework. Your milage may vary.
Provides utilities to assist in generating, validating and decrypting .NET authorization tickets (usually set in the .ASPXAUTH cookie) for interoperation with .NET authentication.

@@ -4,0 +6,0 @@

17

src/index.js

@@ -65,3 +65,3 @@ "use strict";

const BASE_PAYLOAD_SIZE = DECRYPTION_METHOD.headerSize + 21;
const BASE_PAYLOAD_SIZE = 21;

@@ -89,2 +89,7 @@ function validate( bytes ) {

const decryptedBytes = Buffer.concat( [ decryptor.update( payload ), decryptor.final() ] );
if ( !validate( decryptedBytes.slice( DECRYPTION_METHOD.headerSize ) ) ) {
return null;
}
const reader = new BufferReader( decryptedBytes );

@@ -127,4 +132,2 @@ const ticket = {};

// Write a random header to serve as a salt
writer.writeBuffer( randomBytes( DECRYPTION_METHOD.headerSize ) );
writer.writeByte( FORMAT_VERSION );

@@ -152,5 +155,11 @@

// add a hash of the preencrypted bytes
const preEncryptedHash = createHmac( "sha1", VALIDATION_KEY );
preEncryptedHash.update( writer.buffer );
const preEncryptedBytes = Buffer.concat( [ randomBytes( DECRYPTION_METHOD.headerSize ), writer.buffer, preEncryptedHash.digest() ] );
const encryptor = createCipheriv( DECRYPTION_METHOD.cipher, DECRYPTION_KEY, DECRYPTION_IV );
const encryptedBytes = Buffer.concat( [ encryptor.update( writer.buffer ), encryptor.final() ] );
const encryptedBytes = Buffer.concat( [ encryptor.update( preEncryptedBytes ), encryptor.final() ] );
// add a hash of the encrypted bytes
const hash = createHmac( "sha1", VALIDATION_KEY );

@@ -157,0 +166,0 @@ hash.update( encryptedBytes );

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc