Reliance on Cookies without Validation and Integrity Checking
Weakness ID: 565 (Weakness Base) | Status: Incomplete
Description Summary
Extended Description
Attackers can easily modify cookies, within the browser or by implementing the client-side code outside of the browser. Reliance on cookies without detailed validation and integrity checking can allow attackers to bypass authentication, conduct injection attacks such as SQL injection and cross-site scripting, or otherwise modify inputs in unexpected ways.
Scope | Effect |
---|---|
Authorization | It is dangerous to use cookies to set a user's privileges. The cookie can be manipulated to escalate an attacker's privileges to an administrative level. |
Example 1
The following code excerpt reads a value from a browser cookie to determine the role of the user.
Phase: Architecture and Design
Avoid using cookie data for a security-related decision.

Phase: Implementation
Perform thorough input validation (i.e., server-side validation) on the cookie data if you're going to use it for a security-related decision.

Phase: Architecture and Design
Add integrity checks to detect tampering.

Phase: Architecture and Design
Protect critical cookies from replay attacks, since cross-site scripting or other attacks may allow attackers to steal a strongly-encrypted cookie that also passes integrity checks. This mitigation applies to cookies that should only be valid during a single transaction or session. By enforcing timeouts, you may limit the scope of an attack. As part of your integrity check, use an unpredictable, server-side value that is not exposed to the client.
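
The mitigations above, combined in one added example (not part of the original entry): a role read straight from the cookie beside a version that checks integrity, session binding, age and the value itself. The cookie layout `session|role|issued_at|mac`, the key, the 15-minute lifetime and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from typing import Optional

# Assumptions (not from the page): cookie layout, key handling, 15-minute lifetime.
SERVER_KEY = b"constructed-demo-key"  # placeholder; load from a secret store in practice
MAX_AGE = 900  # seconds
ALLOWED_ROLES = {"user", "admin"}


def _tag(payload: str) -> bytes:
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest().encode()


def issue_cookie(session_id: str, role: str, now: Optional[float] = None) -> str:
    """Build 'session|role|issued_at|mac'; the MAC covers every field."""
    if "|" in session_id or role not in ALLOWED_ROLES:
        raise ValueError("field would make the cookie ambiguous or is unexpected")
    issued = int(time.time() if now is None else now)
    payload = f"{session_id}|{role}|{issued}"
    return f"{payload}|{_tag(payload).decode()}"


def role_unchecked(cookie: str) -> str:
    """The weakness: the role is whatever the client sent."""
    return cookie.split("|")[1]


def role_verified(cookie: str, session_id: str, now: Optional[float] = None) -> Optional[str]:
    """Return the role only for an intact, unexpired cookie bound to the
    server's own record of the session; otherwise None."""
    parts = cookie.split("|")
    if len(parts) != 4:
        return None
    sid, role, issued, mac = parts
    # Integrity: recompute the MAC with the server-side key, constant-time compare.
    if not hmac.compare_digest(_tag(f"{sid}|{role}|{issued}"), mac.encode()):
        return None
    # Replay: the cookie must belong to the session the server is handling.
    if not hmac.compare_digest(sid.encode(), session_id.encode()):
        return None
    # Timeout: limit how long a stolen cookie stays useful.
    now = time.time() if now is None else now
    if not 0 <= now - int(issued) <= MAX_AGE:
        return None
    # Validation: even an authentic cookie must carry an expected value.
    return role if role in ALLOWED_ROLES else None
```

The `session_id` argument to `role_verified` is meant to come from server-side session state, never from the same cookie.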
Nature | Type | ID | Name | View(s) this relationship pertains to |
---|---|---|---|---|
ChildOf | Category | 254 | Security Features | Development Concepts (primary) 699 |
ChildOf | Weakness Base | 602 | Client-Side Enforcement of Server-Side Security | Research Concepts 1000 |
ChildOf | Weakness Class | 642 | External Control of Critical State Data | Research Concepts (primary) 1000 |
ParentOf | Weakness Variant | 784 | Reliance on Cookies without Validation and Integrity Checking in a Security Decision | Development Concepts (primary) 699, Research Concepts (primary) 1000 |
This problem can be primary to many types of weaknesses in web applications. A developer may perform proper validation against URL parameters while assuming that attackers cannot modify cookies. As a result, the program might skip basic input validation on cookie data, enabling cross-site scripting, SQL injection, price tampering, and other attacks.
Submissions
Submission Date | Submitter | Organization | Source |
---|---|---|---|
Anonymous Tool Vendor (under NDA) | Externally Mined |

Modifications
Modification Date | Modifier | Organization | Source | Change |
---|---|---|---|---|
2008-07-01 | Sean Eidemiller | Cigital | External | added/updated demonstrative examples |
2008-07-01 | Eric Dalci | Cigital | External | updated Potential Mitigations, Time of Introduction |
2008-09-08 | CWE Content Team | MITRE | Internal | updated Relationships, Other Notes, Taxonomy Mappings |
2009-01-12 | CWE Content Team | MITRE | Internal | updated Common Consequences, Description, Other Notes, Potential Mitigations, Relationships |
2009-07-16 (Critical) | CWE Content Team | MITRE | Internal | Clarified name and description; broadened the definition to include any security-critical operation, not just security decisions, to allow for relationships with injection weaknesses. |
2009-07-27 | CWE Content Team | MITRE | Internal | updated Description, Name, Potential Mitigations, Relationship Notes, Relationships, Taxonomy Mappings |
2009-10-29 | CWE Content Team | MITRE | Internal | updated Relationships |

Previous Entry Names
Change Date | Previous Entry Name |
---|---|
2008-04-11 | Use of Cookies |
2009-07-27 | Use of Cookies in Security Decision |