CWE-302 使用假设不可变数据进行的认证绕过

admin
admin
admin
139041
文章
114
评论
2021年12月16日15:51:07评论69 views字数 2372阅读7分54秒阅读模式

CWE-302 使用假设不可变数据进行的认证绕过

Authentication Bypass by Assumed-Immutable Data

结构: Simple

Abstraction: Variant

状态: Incomplete

被利用可能性: unkown

基本描述

The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker.

相关缺陷

  • cwe_Nature: ChildOf cwe_CWE_ID: 287 cwe_View_ID: 1000 cwe_Ordinal: Primary

  • cwe_Nature: ChildOf cwe_CWE_ID: 287 cwe_View_ID: 699 cwe_Ordinal: Primary

  • cwe_Nature: ChildOf cwe_CWE_ID: 807 cwe_View_ID: 1000

适用平台

Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}

常见的影响

范围 影响 注释
Access Control Bypass Protection Mechanism

可能的缓解方案

['Architecture and Design', 'Operation', 'Implementation']

策略:

Implement proper protection for immutable data (e.g. environment variable, hidden form fields, etc.)

示例代码

In the following example, an "authenticated" cookie is used to determine whether or not a user should be granted access to a system.

bad Java

boolean authenticated = new Boolean(getCookieValue("authenticated")).booleanValue();
if (authenticated) {

...

}

Of course, modifying the value of a cookie on the client-side is trivial, but many developers assume that cookies are essentially immutable.

分析过的案例

标识 说明 链接
CVE-2002-0367 DebPloit https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0367
CVE-2004-0261 Web auth https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0261
CVE-2002-1730 Authentication bypass by setting certain cookies to "true". https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1730
CVE-2002-1734 Authentication bypass by setting certain cookies to "true". https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1734
CVE-2002-2064 Admin access by setting a cookie. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2064
CVE-2002-2054 Gain privileges by setting cookie. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2054
CVE-2004-1611 Product trusts authentication information in cookie. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1611
CVE-2005-1708 Authentication bypass by setting admin-testing variable to true. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1708
CVE-2005-1787 Bypass auth and gain privileges by setting a variable. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1787

分类映射

映射的分类名 ImNode ID Fit Mapped Node Name
PLOVER Authentication Bypass via Assumed-Immutable Data
OWASP Top Ten 2004 A1 CWE More Specific Unvalidated Input
The CERT Oracle Secure Coding Standard for Java (2011) SEC02-J Do not base security checks on untrusted sources

相关攻击模式

  • CAPEC-10
  • CAPEC-13
  • CAPEC-21
  • CAPEC-274
  • CAPEC-31
  • CAPEC-39
  • CAPEC-45
  • CAPEC-77

文章来源于互联网:scap中文网

免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2021年12月16日15:51:07
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   CWE-302 使用假设不可变数据进行的认证绕过https://cn-sec.com/archives/613221.html
                  免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉.

发表评论

匿名网友 填写信息