Tag Archives: CVE-2009-1549

CWE-807 – Reliance on Untrusted Inputs in a Security Decision


Description

The application uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit: High

Related Weaknesses

CWE-693

Consequences

Confidentiality, Access Control, Availability, Other: Bypass Protection Mechanism, Gain Privileges or Assume Identity, Varies by Context

Attackers can bypass the security decision to access whatever is being protected. The consequences will depend on the associated functionality, but they can range from granting additional privileges to untrusted users to bypassing important security checks. Ultimately, this weakness may lead to exposure or modification of sensitive data, system crash, or execution of arbitrary code.

Potential Mitigations

Phase: Architecture and Design

Phase: Architecture and Design

Phase: Architecture and Design

Description: For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.

Phase: Operation, Implementation

Description: When using PHP, configure the application so that it does not use register_globals. During implementation, develop the application so that it does not rely on this feature, but be wary of implementing a register_globals emulation that is subject to weaknesses such as CWE-95, CWE-621, and similar issues.

Phase: Architecture and Design, Implementation

CVE References

  • CVE-2009-1549
    • Attacker can bypass authentication by setting a cookie to a specific value.
  • CVE-2009-1619
    • Attacker can bypass authentication and gain admin privileges by setting an “admin” cookie to 1.
  • CVE-2009-0864
    • Content management system allows admin privileges by setting a “login” cookie to “OK.”
  • CVE-2008-5784
    • e-dating application allows admin privileges by setting the admin cookie to 1.
  • CVE-2008-6291
    • Web-based email list manager allows attackers to gain admin privileges by setting a login cookie to “admin.”

CWE-784 – Reliance on Cookies without Validation and Integrity Checking in a Security Decision


Description

The application uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associated user.

Attackers can easily modify cookies, within the browser or by implementing the client-side code outside of the browser. Attackers can bypass protection mechanisms such as authorization and authentication by modifying the cookie to contain an expected value.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit: High

Related Weaknesses

CWE-807
CWE-565

Consequences

Access Control: Bypass Protection Mechanism, Gain Privileges or Assume Identity

It is dangerous to use cookies to set a user’s privileges. The cookie can be manipulated to claim a high level of authorization, or to claim that successful authentication has occurred.

Potential Mitigations

Phase: Architecture and Design

Description: Avoid using cookie data for a security-related decision.

Phase: Implementation

Description: Perform thorough input validation (i.e., server-side validation) on the cookie data if you are going to use it for a security-related decision.

Phase: Architecture and Design

Description: Add integrity checks to detect tampering.

Phase: Architecture and Design

Description: Protect critical cookies from replay attacks, since cross-site scripting or other attacks may allow attackers to steal a strongly-encrypted cookie that also passes integrity checks. This mitigation applies to cookies that should only be valid during a single transaction or session. By enforcing timeouts, you may limit the scope of an attack. As part of your integrity check, use an unpredictable, server-side value that is not exposed to the client.
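The last three mitigations (integrity check, timeout, and a server-side value that never reaches the client) fit together in one cookie design. The example below is added here and is not code from the CWE entry; it assumes a constructed `sid|user|role|expires|mac` cookie layout, a server signing key and per-session secrets held in memory (a real service would keep the key in a secrets manager and the secrets in a shared store), and uses only the Python standard library. The per-session secret is folded into the HMAC but is never sent, so a stolen cookie stops verifying the moment the session is revoked, and any edit to the role field breaks the MAC.

```python
import hashlib
import hmac
import secrets
import time

# Constructed state for this example. SERVER_KEY signs every cookie; SESSION_SECRETS
# holds a per-session random value that is folded into the MAC but never sent to
# the client (the "unpredictable, server-side value" the mitigation calls for).
SERVER_KEY = secrets.token_bytes(32)
SESSION_SECRETS = {}


def _mac(payload, session_secret):
    """HMAC-SHA256 over the cookie payload plus the hidden per-session secret."""
    return hmac.new(SERVER_KEY, payload.encode() + session_secret, hashlib.sha256).hexdigest()


def issue_cookie(user, role, ttl_seconds, now=None):
    """Create a session and return the cookie value 'sid|user|role|expires|mac'."""
    if "|" in user or "|" in role:
        raise ValueError("field separator not allowed in cookie fields")
    now = time.time() if now is None else now
    sid = secrets.token_urlsafe(16)
    SESSION_SECRETS[sid] = secrets.token_bytes(32)
    payload = f"{sid}|{user}|{role}|{int(now) + ttl_seconds}"
    return f"{payload}|{_mac(payload, SESSION_SECRETS[sid])}"


def revoke_session(sid):
    """Logout or end of transaction: forget the secret so the cookie can no longer verify."""
    SESSION_SECRETS.pop(sid, None)


def verify_cookie(cookie_value, now=None):
    """Return (user, role) when integrity, expiry and replay checks all pass, else None."""
    now = time.time() if now is None else now
    parts = cookie_value.split("|")
    if len(parts) != 5:
        return None
    sid, user, role, expires, mac = parts
    session_secret = SESSION_SECRETS.get(sid)
    if session_secret is None:
        return None  # unknown or revoked session: a replayed cookie lands here
    expected = _mac("|".join(parts[:4]), session_secret)
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        return None  # tampered field or forged signature
    if not expires.isdigit() or int(expires) <= now:
        return None  # timeout enforced: a stolen cookie has a bounded lifetime
    return user, role


if __name__ == "__main__":
    cookie = issue_cookie("alice", "user", ttl_seconds=600, now=1_000_000)
    print(verify_cookie(cookie, now=1_000_100))  # ('alice', 'user')
    sid, user, role, expires, mac = cookie.split("|")
    print(verify_cookie(f"{sid}|{user}|admin|{expires}|{mac}", now=1_000_100))  # None
    print(verify_cookie(cookie, now=1_000_600))  # None: expired
    revoke_session(sid)
    print(verify_cookie(cookie, now=1_000_100))  # None: replay after logout
```

The cookie still carries the user and role in the clear, which is fine here because the server never acts on them until the MAC check has tied them to a live server-side secret; the decision is made on the verified tuple, not on the raw fields.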

CVE References

  • CVE-2009-1549
    • Attacker can bypass authentication by setting a cookie to a specific value.
  • CVE-2009-1619
    • Attacker can bypass authentication and gain admin privileges by setting an “admin” cookie to 1.
  • CVE-2009-0864
    • Content management system allows admin privileges by setting a “login” cookie to “OK.”
  • CVE-2008-5784
    • e-dating application allows admin privileges by setting the admin cookie to 1.
  • CVE-2008-6291
    • Web-based email list manager allows attackers to gain admin privileges by setting a login cookie to “admin.”