Reliance on Cookies without Validation and Integrity Checking| ID: 565 | Date: (C)2012-05-14 (M)2022-10-10 |
| Type: weakness | Status: INCOMPLETE |
| Abstraction Type: Base |
Description
The application relies on the existence or values of cookies
when performing security-critical operations, but it does not properly ensure
that the setting is valid for the associated user.
Extended DescriptionAttackers can easily modify cookies, within the browser or by implementing
the client-side code outside of the browser. Reliance on cookies without
detailed validation and integrity checking can allow attackers to bypass
authentication, conduct injection attacks such as SQL injection and
cross-site scripting, or otherwise modify inputs in unexpected ways.
Applicable PlatformsNone
Time Of Introduction
- Architecture and Design
- Implementation
Related Attack Patterns
Common Consequences
| Scope | Technical Impact | Notes |
|---|
| Access_Control | Gain privileges / assume
identity | It is dangerous to use cookies to set a user's privileges. The cookie
can be manipulated to escalate an attacker's privileges to an
administrative level. |
Detection MethodsNone
Potential Mitigations
| Phase | Strategy | Description | Effectiveness | Notes |
|---|
| Architecture and Design | | Avoid using cookie data for a security-related decision. | | |
| Implementation | | Perform thorough input validation (i.e.: server side validation) on
the cookie data if you're going to use it for a security related
decision. | | |
| Architecture and Design | | Add integrity checks to detect tampering. | | |
| Architecture and Design | | Protect critical cookies from replay attacks, since cross-site
scripting or other attacks may allow attackers to steal a
strongly-encrypted cookie that also passes integrity checks. This
mitigation applies to cookies that should only be valid during a single
transaction or session. By enforcing timeouts, you may limit the scope
of an attack. As part of your integrity check, use an unpredictable,
server-side value that is not exposed to the client. | | |
RelationshipsThis problem can be primary to many types of weaknesses in web
applications. A developer may perform proper validation against URL
parameters while assuming that attackers cannot modify cookies. As a result,
the program might skip basic input validation to enable cross-site
scripting, SQL injection, price tampering, and other attacks..
| Related CWE | Type | View | Chain |
|---|
| CWE-565 ChildOf CWE-898 | Category | CWE-888 | |
Demonstrative Examples (Details)
- The following code excerpt reads a value from a browser cookie to
determine the role of the user. (Demonstrative Example Id DX-61)
White Box Definitions None
Black Box Definitions None
Taxynomy MappingsNone
References:None
