Read Time:1 Minute, 49 Second

Description

The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-642
CWE-471

 

Consequences

Integrity: Modify Application Data

Without appropriate protection mechanisms, the client can easily tamper with cookies and similar web data. Reliance on the cookies without detailed validation can lead to problems such as SQL injection. If you use cookie values for security related decisions on the server side, manipulating the cookies might lead to violations of security policies such as authentication bypassing, user impersonation and privilege escalation. In addition, storing sensitive data in the cookie without appropriate protection can also lead to disclosure of sensitive user data, especially data stored in persistent cookies.

 

Potential Mitigations

Phase: Implementation

Description: 

Phase: Implementation

Description: 

Inputs should be decoded and canonicalized to the application’s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.

CVE References

  • CVE-2002-0108
    • Forum product allows spoofed messages of other users via hidden form fields for name and e-mail address.
  • CVE-2000-0253
    • Shopping cart allows price modification via hidden form field.
  • CVE-2000-0254
    • Shopping cart allows price modification via hidden form field.
  • CVE-2000-0926
    • Shopping cart allows price modification via hidden form field.
  • CVE-2000-0101
    • Shopping cart allows price modification via hidden form field.
  • CVE-2000-0102
    • Shopping cart allows price modification via hidden form field.
  • CVE-2000-0758
    • Allows admin access by modifying value of form field.
  • CVE-2000-1234
    • Send email to arbitrary users by modifying email parameter.
  • CVE-2005-1784
    • Product does not check authorization for configuration change admin script, leading to password theft via modified e-mail address field.
  • CVE-2005-1682
    • Modification of message number parameter allows attackers to read other people’s messages.