CWE-293 使用Refer域进行认证
Using Referer Field for Authentication
结构: Simple
Abstraction: Variant
状态: Draft
被利用可能性: High
基本描述
The referer field in HTTP requests can be easily modified and, as such, is not a valid means of message integrity checking.
相关缺陷
-
cwe_Nature: ChildOf cwe_CWE_ID: 290 cwe_View_ID: 1000 cwe_Ordinal: Primary
-
cwe_Nature: ChildOf cwe_CWE_ID: 290 cwe_View_ID: 699 cwe_Ordinal: Primary
适用平台
Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| Access Control | Gain Privileges or Assume Identity | Actions, which may not be authorized otherwise, can be carried out as if they were validated by the server referred to. |
可能的缓解方案
Architecture and Design
策略:
In order to usefully check if a given action is authorized, some means of strong authentication and method protection must be used. Use other means of authorization that cannot be simply spoofed. Possibilities include a username/password or certificate.
示例代码
例
The following code samples check a packet's referer in order to decide whether or not an inbound request is from a trusted host.
bad C++
while(true){
requestPacket = processPacket(buffer, n);
if (requestPacket.referer == trustedReferer){
bad Java
String trustedReferer = "http://www.example.com/"
if(referer.equals(trustedReferer)){
return true;
else{
return false;
These examples check if a request is from a trusted referer before responding to a request, but the code only verifies the referer name as stored in the request packet. An attacker can spoof the referer, thus impersonating a trusted client.
分类映射
| 映射的分类名 | ImNode ID | Fit | Mapped Node Name |
|---|---|---|---|
| CLASP | Using referrer field for authentication | ||
| Software Fault Patterns | SFP29 | Faulty endpoint authentication |