[Forgot Password]
Login  Register Subscribe

23631

 
 

117918

 
 

98218

 
 

909

 
 

79224

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CWE
view XML

Client-Side Enforcement of Server-Side Security

ID: 602Date: (C)2012-05-14   (M)2012-11-08
Type: weaknessStatus: DRAFT
Abstraction Type: Base





Description

The software is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.

Extended Description

When the server relies on protection mechanisms placed on the client side, an attacker can modify the client-side behavior to bypass the protection mechanisms resulting in potentially unexpected interactions between the client and server. The consequences will vary, depending on what the mechanisms are trying to protect.

Enabling Factors for Exploitation
Consider a product that consists of two or more processes or nodes that must interact closely, such as a client/server model. If the product uses protection schemes in the client in order to defend from attacks against the server, and the server does not use the same schemes, then an attacker could modify the client in a way that bypasses those schemes. This is a fundamental design flaw that is primary to many weaknesses.

Likelihood of Exploit: Medium

Applicable Platforms
Language Class: All
Architectural Paradigm: Client-Server
Architectural Paradigm: Sometimes

Time Of Introduction

  • Architecture and Design

Related Attack Patterns

Common Consequences

ScopeTechnical ImpactNotes
Access_Control
Availability
 
Bypass protection mechanism
DoS: crash / exit / restart
 
Client-side validation checks can be easily bypassed, allowing malformed or unexpected input to pass into the application, potentially as trusted data. This may lead to unexpected states, behaviors and possibly a resulting crash.
 
Access_Control
 
Bypass protection mechanism
Gain privileges / assume identity
 
Client-side checks for authentication can be easily bypassed, allowing clients to escalate their access levels and perform unintended actions.
 

Detection Methods
None

Potential Mitigations

PhaseStrategyDescriptionEffectivenessNotes
Architecture and Design
 
 For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
Even though client-side checks provide minimal benefits with respect to server-side security, they are still useful. First, they can support intrusion detection. If the server receives input that should have been rejected by the client, then it may be an indication of an attack. Second, client-side error-checking can provide helpful feedback to the user about the expectations for valid input. Third, there may be a reduction in server-side processing time for accidental input errors, although this is typically a small savings.
 
  
Architecture and Design
 
 If some degree of trust is required between the two entities, then use integrity checking and strong authentication to ensure that the inputs are coming from a trusted source. Design the product so that this trust is managed in a centralized fashion, especially if there are complex or numerous communication channels, in order to reduce the risks that the implementer will mistakenly omit a check in a single code path.
 
  
Testing
 
 Use dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software's operation may slow down, but it should not become unstable, crash, or generate incorrect results.
 
  
Testing
 
 Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules.
 
  

Relationships

Related CWETypeViewChain
CWE-602 ChildOf CWE-907 Category CWE-888  

Demonstrative Examples   (Details)

  1. This example contains client-side code that checks if the user authenticated successfully before sending a command. The server-side code performs the authentication in one step, and executes the command in a separate step.

Observed Examples

  1. CVE-2006-6994 : ASP program allows upload of .asp files by bypassing client-side checks.
  2. CVE-2007-0163 : steganography products embed password information in the carrier file, which can be extracted from a modified client.
  3. CVE-2007-0164 : steganography products embed password information in the carrier file, which can be extracted from a modified client.
  4. CVE-2007-0100 : client allows server to modify client's configuration and overwrite arbitrary files.

For more examples, refer to CVE relations in the bottom box.

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

TaxynomyIdNameFit
OWASP Top Ten 2004 A1
 
Unvalidated Input
 
CWE_More_Specific
 

References:

  1. M. Howard D. LeBlanc .Writing Secure Code 2nd Edition. Microsoft. Section:'Chapter 23, "Client-Side Security Is an Oxymoron" Page 687'. Published on 2002.

© 2013 SecPod Technologies