CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

Read Time:1 Minute, 42 Second

Description

The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the product’s control sphere. This causes the product to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-610
CWE-668

Consequences

Non-Repudiation, Access Control: Gain Privileges or Assume Identity, Hide Activities, Execute Unauthorized Code or Commands

Potential Mitigations

Phase: Architecture and Design

Description:

Enforce the use of strong mutual authentication mechanism between the two parties.

Phase: Architecture and Design

Description:

Whenever a product is an intermediary or proxy for
transactions between two other components, the proxy core
should not drop the identity of the initiator of the
transaction. The immutability of the identity of the
initiator must be maintained and should be forwarded all the
way to the target.

CVE References

CVE-1999-0017
- FTP bounce attack. The design of the protocol allows an attacker to modify the PORT command to cause the FTP server to connect to other machines besides the attacker’s.

CVE-1999-0168
- RPC portmapper could redirect service requests from an attacker to another entity, which thinks the requests came from the portmapper.

CVE-2005-0315
- FTP server does not ensure that the IP address in a PORT command is the same as the FTP user’s session, allowing port scanning by proxy.

CVE-2002-1484
- Web server allows attackers to request a URL from another server, including other ports, which allows proxied scanning.

CVE-2004-2061
- CGI script accepts and retrieves incoming URLs.

CVE-2001-1484
- Bounce attack allows access to TFTP from trusted side.

CVE-2010-1637
- Web-based mail program allows internal network scanning using a modified POP3 port number.

CVE-2009-0037
- URL-downloading library automatically follows redirects to file:// and scp:// URLs

InCVE-1999-0017, CWE- 441, Unintended Proxy or Intermediary ('Confused Deputy')

Cryptomining Malware Found in Popular Open Source Packages

Interpol Identifies Over 140 Human Traffickers in New Initiative

ICO Warns of Mobile Phone Festive Privacy Snafu

Friday Squid Blogging: Squid Sticker

Italy’s Data Protection Watchdog Issues €15m Fine to OpenAI Over ChatGPT Probe

Ukraine’s Security Service Probes GRU-Linked Cyber-Attack on State Registers

LockBit Admins Tease a New Ransomware Version

Webcams and DVRs Vulnerable to HiatusRAT, FBI Warns

CISA Urges Encrypted Messaging After Salt Typhoon Hack

CWE-441 – Unintended Proxy or Intermediary (‘Confused Deputy’)

Description

Related Weaknesses

Consequences

Potential Mitigations

CVE References

The Most Dangerous Vulnerabilities in Apache Tomcat and How to Protect Against Them

ZDI-CAN-18333: A Critical Zero-Day Vulnerability in Microsoft Windows

CWE-669 – Incorrect Resource Transfer Between Spheres

CWE-67 – Improper Handling of Windows Device Names

CWE-670 – Always-Incorrect Control Flow Implementation

CWE-671 – Lack of Administrator Control over Security