Using Referrer Field for Authentication
From Guidance Share
Description
The referrer field in an HTTP request is supplied by the client and can be set to any value, so it is not a valid means of message integrity checking or of authenticating the requester.
Applies To
- Languages: All
- Operating platforms: All
Example
The following code accepts a connection from a remote host and then checks the referrer field to make a trust decision:

```c
sock = socket(AF_INET, SOCK_STREAM, 0);
...
bind(sock, (struct sockaddr *)&server, len);
...
while (1) {
    newsock = accept(sock, (struct sockaddr *)&from, &fromlen);
    pid = fork();
    if (pid == 0) {
        n = read(newsock, buffer, BUFSIZE - 1);
        if (n < 0) n = 0;
        buffer[n] = '\0';
        ...
        /* Make a trust decision based on the referrer */
        if (strstr(buffer, "Referer: http://www.foo.org/dsaf.html") != NULL) {
            /* do stuff */
        }
    }
}
```

Since the referrer may be spoofed by the remote host, a valid trust decision cannot be made from this information.
Impact
- Authorization: Actions that would not otherwise be authorized can be carried out as if they had been validated by the referring server.
- Accountability: Actions may be taken in the name of the server referred to.
Vulnerabilities
- Use of referrer field to make a trust decision about a remote host.
Countermeasures
- Design: Use other means of authorization that cannot be simply spoofed.
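The following is an added example, not code from the Guidance Share page, that puts the referrer check from the Example section beside the kind of replacement the countermeasure calls for. Both checks parse a raw HTTP request; the first trusts the client-controlled Referer header, the second trusts only a session token the server itself issued and compares it in constant time. The `Authorization: Bearer <token>` scheme, the token value and the two request strings are constructed for illustration.

```c
/* Added example: a trust decision on the Referer header versus one on a
 * server-issued session token. Sample requests are constructed input. */
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

/* Copy the value of header `name` (case-insensitive) from a raw HTTP request
 * into `out`. Returns 1 if the header is present, 0 otherwise. */
static int get_header(const char *req, const char *name, char *out, size_t outlen)
{
    size_t nlen = strlen(name);
    const char *p = req;
    while ((p = strchr(p, '\n')) != NULL) {
        p++;                                  /* start of the next header line */
        if (strncasecmp(p, name, nlen) == 0 && p[nlen] == ':') {
            const char *v = p + nlen + 1;
            while (*v == ' ' || *v == '\t') v++;
            size_t vlen = strcspn(v, "\r\n");
            if (vlen >= outlen) return 0;
            memcpy(out, v, vlen);
            out[vlen] = '\0';
            return 1;
        }
    }
    return 0;
}

/* VULNERABLE: the Referer header is written by the client, so any remote
 * host can present the "trusted" value. Same decision as the page's server. */
int authorize_by_referer(const char *req)
{
    char ref[256];
    return get_header(req, "Referer", ref, sizeof ref)
        && strcmp(ref, "http://www.foo.org/dsaf.html") == 0;
}

/* Constant-time comparison so a wrong token is rejected without leaking how
 * many leading bytes matched. Token lengths are not secret. */
static int ct_equal(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b);
    unsigned char diff = (la != lb);
    for (size_t i = 0; i < la && i < lb; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* HARDENED: trust only a secret the server issued and can verify itself.
 * The "Authorization: Bearer <token>" layout is assumed for this example. */
int authorize_by_session_token(const char *req, const char *expected_token)
{
    char auth[256];
    if (!get_header(req, "Authorization", auth, sizeof auth)) return 0;
    if (strncmp(auth, "Bearer ", 7) != 0) return 0;
    return ct_equal(auth + 7, expected_token);
}

/* Constructed requests: one with a forged Referer and no credential, one
 * carrying the token the server issued. */
static const char FORGED_REQ[] =
    "GET /admin HTTP/1.1\r\n"
    "Host: www.foo.org\r\n"
    "Referer: http://www.foo.org/dsaf.html\r\n"
    "\r\n";

static const char TOKEN_REQ[] =
    "GET /admin HTTP/1.1\r\n"
    "Host: www.foo.org\r\n"
    "Authorization: Bearer example-session-token-123\r\n"
    "\r\n";

/* Placeholder value; a real token is random and stored server-side. */
#define EXPECTED_TOKEN "example-session-token-123"

int main(void)
{
    printf("forged request, referer check: %s\n",
           authorize_by_referer(FORGED_REQ) ? "ALLOWED" : "denied");
    printf("forged request, token check:   %s\n",
           authorize_by_session_token(FORGED_REQ, EXPECTED_TOKEN) ? "ALLOWED" : "denied");
    printf("token request,  token check:   %s\n",
           authorize_by_session_token(TOKEN_REQ, EXPECTED_TOKEN) ? "ALLOWED" : "denied");
    return 0;
}
```

The forged request passes the referrer check and fails the token check; only a request carrying the server-issued token passes the hardened check. The point the page makes is visible in the first result: nothing in `authorize_by_referer` distinguishes a genuine referral from a header a peer simply typed in.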
Vulnerability Patterns