CWE-302 使用假设不可变数据进行的认证绕过
Authentication Bypass by Assumed-Immutable Data
结构: Simple
Abstraction: Variant
状态: Incomplete
被利用可能性: unkown
基本描述
The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker.
相关缺陷
-
cwe_Nature: ChildOf cwe_CWE_ID: 287 cwe_View_ID: 1000 cwe_Ordinal: Primary
-
cwe_Nature: ChildOf cwe_CWE_ID: 287 cwe_View_ID: 699 cwe_Ordinal: Primary
-
cwe_Nature: ChildOf cwe_CWE_ID: 807 cwe_View_ID: 1000
适用平台
Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| Access Control | Bypass Protection Mechanism |
可能的缓解方案
['Architecture and Design', 'Operation', 'Implementation']
策略:
Implement proper protection for immutable data (e.g. environment variable, hidden form fields, etc.)
示例代码
例
In the following example, an "authenticated" cookie is used to determine whether or not a user should be granted access to a system.
bad Java
if (authenticated) {
Of course, modifying the value of a cookie on the client-side is trivial, but many developers assume that cookies are essentially immutable.
分析过的案例
| 标识 | 说明 | 链接 |
|---|---|---|
| CVE-2002-0367 | DebPloit | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0367 |
| CVE-2004-0261 | Web auth | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0261 |
| CVE-2002-1730 | Authentication bypass by setting certain cookies to "true". | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1730 |
| CVE-2002-1734 | Authentication bypass by setting certain cookies to "true". | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1734 |
| CVE-2002-2064 | Admin access by setting a cookie. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2064 |
| CVE-2002-2054 | Gain privileges by setting cookie. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2054 |
| CVE-2004-1611 | Product trusts authentication information in cookie. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1611 |
| CVE-2005-1708 | Authentication bypass by setting admin-testing variable to true. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1708 |
| CVE-2005-1787 | Bypass auth and gain privileges by setting a variable. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1787 |
分类映射
| 映射的分类名 | ImNode ID | Fit | Mapped Node Name |
|---|---|---|---|
| PLOVER | Authentication Bypass via Assumed-Immutable Data | ||
| OWASP Top Ten 2004 | A1 | CWE More Specific | Unvalidated Input |
| The CERT Oracle Secure Coding Standard for Java (2011) | SEC02-J | Do not base security checks on untrusted sources |
相关攻击模式
- CAPEC-10
- CAPEC-13
- CAPEC-21
- CAPEC-274
- CAPEC-31
- CAPEC-39
- CAPEC-45
- CAPEC-77