Using Referer Field for Authentication| ID: 293 | Date: (C)2012-05-14 (M)2022-10-10 |
| Type: weakness | Status: DRAFT |
| Abstraction Type: Variant |
Description
The referer field in HTTP requests can be easily modified and,
as such, is not a valid means of message integrity
checking.
Likelihood of Exploit: High
Applicable PlatformsLanguage Class: All
Time Of Introduction
Common Consequences
| Scope | Technical Impact | Notes |
|---|
| Access_Control | Gain privileges / assume
identity | Actions, which may not be authorized otherwise, can be carried out as
if they were validated by the server referred to. |
Detection MethodsNone
Potential Mitigations
| Phase | Strategy | Description | Effectiveness | Notes |
|---|
| Architecture and Design | | In order to usefully check if a given action is authorized, some means
of strong authentication and method protection must be used. Use other
means of authorization that cannot be simply spoofed. Possibilities
include a username/password or certificate. | | |
Relationships
| Related CWE | Type | View | Chain |
|---|
| CWE-293 ChildOf CWE-898 | Category | CWE-888 | |
Demonstrative Examples (Details)
- The following code samples check a packet's referer in order to
decide whether or not an inbound request is from a trusted
host.
White Box Definitions None
Black Box Definitions None
Taxynomy Mappings
| Taxynomy | Id | Name | Fit |
|---|
| CLASP | | Using referrer field for authentication | |
References:
- Mark Dowd John McDonald Justin Schuh .The Art of Software Security Assessment 1st Edition. Addison Wesley. Section:'Chapter 17, "Referer Request Header", Page
1030.'. Published on 2006.
