
CWE-1007 – Insufficient Visual Distinction of Homoglyphs Presented to User


Description

The software displays information or identifiers to a user, but the display mechanism does not make it easy for the user to distinguish between visually similar or identical glyphs (homoglyphs), which may cause the user to misinterpret a glyph and perform an unintended, insecure action.

Modes of Introduction:

– Architecture and Design


Likelihood of Exploit: Medium


Related Weaknesses

CWE-451


Consequences

Integrity, Confidentiality: Other

An attacker may ultimately redirect a user to a malicious website, by deceiving the user into believing the URL they are accessing is a trusted domain. However, the attack can also be used to forge log entries by using homoglyphs in usernames. Homoglyph manipulations are often the first step towards executing advanced attacks such as stealing a user’s credentials, Cross-Site Scripting (XSS), or log forgery. If an attacker redirects a user to a malicious site, the attacker can mimic a trusted domain to steal account credentials and perform actions on behalf of the user, without the user’s knowledge. Similarly, an attacker could create a username for a website that contains homoglyph characters, making it difficult for an admin to review logs and determine which users performed which actions.
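The two consequences above (a look-alike domain shown as a trusted one, and a look-alike username that muddies log review) are both cases of the same display problem. The following Python is an added example, not part of the CWE entry or of any product it cites; it shows the defensive side: a display rule that falls back to the punycode (ACE) form of a hostname label whenever the label is not purely Latin, a TR39-style "skeleton" check that catches usernames confusable with existing accounts, and an escape step so that a homoglyph reaches a log line as its code point rather than as a look-alike. The CONFUSABLES table is a constructed subset of the Unicode confusables data, and the script detection is an approximation based on Unicode character names, since the standard library does not expose the Script property.

```python
import unicodedata

# Characters that carry no script of their own inside a hostname label or a
# username (digits, hyphen, underscore); they never count as "mixing" scripts.
COMMON = set("0123456789-_")

# Constructed subset of the Unicode TR39 confusables table: look-alike code
# points from other scripts mapped onto the ASCII letters they resemble.
# Illustrative only; a real deployment would load the full published table.
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u04cf": "l",  # CYRILLIC SMALL LETTER PALOCHKA
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
    "\u03b1": "a",  # GREEK SMALL LETTER ALPHA
    "\u0131": "i",  # LATIN SMALL LETTER DOTLESS I
}


def script_of(ch: str) -> str:
    """Approximate the Unicode script of a character from its character name
    (e.g. 'CYRILLIC SMALL LETTER A' -> 'CYRILLIC'); an assumption of this
    example, since unicodedata has no Script property."""
    if ch in COMMON:
        return "COMMON"
    return unicodedata.name(ch, "UNKNOWN").split()[0]


def scripts_in(label: str) -> set:
    """Set of scripts used by a label, ignoring script-neutral characters."""
    return {script_of(ch) for ch in label} - {"COMMON"}


def display_hostname(hostname: str) -> str:
    """Return the form of a hostname that is safe to show to a user.

    A label is shown as Unicode only when every letter is Latin; a label that
    mixes scripts, or is written in a single non-Latin script, is shown in its
    punycode (ACE) form instead, so the user sees 'xn--pypal-4ve.com' rather
    than 'pаypal.com' (Cyrillic а at index 1). Conservative by design: it
    prefers an ugly-but-honest label over a pretty-but-ambiguous one.
    """
    shown = []
    for label in hostname.split("."):
        if scripts_in(label) <= {"LATIN"}:
            shown.append(label)
        else:
            shown.append(label.encode("idna").decode("ascii"))
    return ".".join(shown)


def skeleton(text: str) -> str:
    """Map text to a confusable 'skeleton': compatibility-normalise (so
    fullwidth and ligature forms collapse to plain ASCII), lowercase, then
    replace known look-alikes. Two strings with the same skeleton look the
    same to a human reader even when their code points differ."""
    normalised = unicodedata.normalize("NFKC", text).lower()
    return "".join(CONFUSABLES.get(ch, ch) for ch in normalised)


def find_lookalikes(candidate: str, existing: list) -> list:
    """Existing account names a human could confuse with the candidate.
    Exact duplicates are an ordinary uniqueness check and are not reported."""
    target = skeleton(candidate)
    return [name for name in existing
            if name != candidate and skeleton(name) == target]


def safe_log_field(value: str) -> str:
    """Escape non-ASCII code points before a username is written to a log, so
    that 'аdmin' is recorded as '\\u0430dmin' and cannot pass for 'admin'."""
    return value.encode("ascii", "backslashreplace").decode("ascii")


if __name__ == "__main__":
    # Constructed inputs: a Latin hostname, a mixed-script look-alike, and a
    # username registration that collides visually with an existing account.
    for host in ("paypal.com", "p\u0430ypal.com"):
        print(host, "->", display_hostname(host))
    existing_accounts = ["admin", "bob"]
    print("lookalikes of \u0430dmin:", find_lookalikes("\u0430dmin", existing_accounts))
    print("log field:", safe_log_field("\u0430dmin"))
```

The hostname rule is deliberately stricter than a full mixed-script policy: it never tries to decide whether a single-script non-Latin label is "safe", it simply shows the ACE form, which is the one representation the user can compare byte for byte with a known-good address. The skeleton check belongs at registration time, before a new name is accepted, and the log escape belongs in the logging layer rather than in each caller.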


Potential Mitigations

Phase: Implementation

Description: 

Phase: Implementation

Description: 

CVE References

  • CVE-2013-7236
    • web forum allows impersonation of users with homoglyphs in account names
  • CVE-2012-0584
    • Improper character restriction in URLs in web browser
  • CVE-2009-0652
    • Incomplete denylist does not include homoglyphs of “/” and “?” characters in URLs
  • CVE-2017-5015
    • web browser does not convert hyphens to punycode, allowing IDN spoofing in URLs
  • CVE-2005-0233
    • homoglyph spoofing using punycode in URLs and certificates
  • CVE-2005-0234
    • homoglyph spoofing using punycode in URLs and certificates
  • CVE-2005-0235
    • homoglyph spoofing using punycode in URLs and certificates