Using Referrer Field for Authentication

From Guidance Share

Description

The referrer field (the HTTP Referer request header) is supplied by the client and can be set to any value, so it is not a valid means of authenticating the client or checking the integrity of a request.


Applies To

  • Languages: All
  • Operating platforms: All


Example

The following server code accepts a connection from a remote host, reads the request, and then checks the Referer header to make a trust decision:

sock = socket(AF_INET, SOCK_STREAM, 0);
...
bind(sock, (struct sockaddr *)&server, len);
...
while (1) {
  newsock = accept(sock, (struct sockaddr *)&from, &fromlen);
  pid = fork();
  if (pid == 0) {
    n = read(newsock, buffer, BUFSIZE);
    ...
    // Make a trust decision based on the client-supplied Referer header
    if (strstr(buffer, "Referer: http://www.foo.org/dsaf.html") != NULL) {
      // do privileged stuff
    }
  }
}

Since the Referer header is written by the remote host and can be spoofed with any HTTP client (for example, by setting it explicitly on the command line), no valid trust decision can be made from this information.
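The following added example (not code from the original page or from Guidance Share) makes the spoof concrete and shows the kind of check the Countermeasures section calls for. It parses constructed HTTP requests inline: a legitimate one and two attacker-crafted ones that carry the "right" Referer but no server-issued session. The referer-based check accepts the forged requests; the session-based check, which only accepts a secret the server itself issued, rejects them. The token value, cookie name and request contents are hypothetical, constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

/* Hypothetical session token, constructed for this example; a real server would
   generate it randomly and look it up in a session store. */
#define ISSUED_TOKEN "8f3a1c6d9b2e4a7f"

/* Constructed requests, not captured traffic. */
const char *legit_request =
    "GET /admin/delete?id=7 HTTP/1.1\r\n"
    "Host: www.foo.org\r\n"
    "Referer: http://www.foo.org/dsaf.html\r\n"
    "Cookie: theme=dark; session=" ISSUED_TOKEN "\r\n"
    "\r\n";

/* Attacker sends the expected Referer by hand (e.g. curl -H 'Referer: ...'). */
const char *forged_request =
    "GET /admin/delete?id=7 HTTP/1.1\r\n"
    "Host: www.foo.org\r\n"
    "Referer: http://www.foo.org/dsaf.html\r\n"
    "\r\n";

/* Same, plus a guessed session cookie. */
const char *forged_with_guess =
    "GET /admin/delete?id=7 HTTP/1.1\r\n"
    "Host: www.foo.org\r\n"
    "Referer: http://www.foo.org/dsaf.html\r\n"
    "Cookie: session=guess\r\n"
    "\r\n";

/* Copy the value of header `name` (case-insensitive, at the start of a line) into
   out. Returns false if the header is absent, empty, or does not fit. */
static bool find_header(const char *req, const char *name, char *out, size_t outlen)
{
    size_t nlen = strlen(name);
    const char *line = req;
    while (line && *line) {
        const char *eol = strstr(line, "\r\n");
        size_t llen = eol ? (size_t)(eol - line) : strlen(line);
        if (llen == 0) break;                      /* blank line ends the headers */
        if (llen > nlen + 1 && strncasecmp(line, name, nlen) == 0 && line[nlen] == ':') {
            const char *v = line + nlen + 1;
            while (v < line + llen && *v == ' ') v++;
            size_t vlen = (size_t)(line + llen - v);
            if (vlen + 1 > outlen) return false;
            memcpy(out, v, vlen);
            out[vlen] = '\0';
            return true;
        }
        line = eol ? eol + 2 : NULL;
    }
    return false;
}

/* VULNERABLE: the client writes the Referer header, so passing this check only
   proves the client knew which string to send. */
bool trust_by_referer(const char *req)
{
    char referer[256];
    return find_header(req, "Referer", referer, sizeof referer) &&
           strcmp(referer, "http://www.foo.org/dsaf.html") == 0;
}

/* Extract one cookie value from a Cookie header such as "a=1; session=xyz". */
static bool get_cookie(const char *req, const char *cname, char *out, size_t outlen)
{
    char cookies[512];
    if (!find_header(req, "Cookie", cookies, sizeof cookies)) return false;
    size_t clen = strlen(cname);
    char *p = cookies;
    while (*p) {
        while (*p == ' ' || *p == ';') p++;
        char *end = strchr(p, ';');
        size_t plen = end ? (size_t)(end - p) : strlen(p);
        if (plen > clen + 1 && strncmp(p, cname, clen) == 0 && p[clen] == '=') {
            size_t vlen = plen - clen - 1;
            if (vlen + 1 > outlen) return false;
            memcpy(out, p + clen + 1, vlen);
            out[vlen] = '\0';
            return true;
        }
        if (!end) break;
        p = end + 1;
    }
    return false;
}

/* Constant-time comparison so a token cannot be guessed byte by byte via timing. */
static bool consteq(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b);
    unsigned diff = (la != lb);
    for (size_t i = 0; i < la && i < lb; i++) diff |= (unsigned)(a[i] ^ b[i]);
    return diff == 0;
}

/* SAFER: trust only a secret the server issued and can verify itself. */
bool trust_by_session(const char *req, const char *issued_token)
{
    char token[128];
    return get_cookie(req, "session", token, sizeof token) && consteq(token, issued_token);
}

int main(void)
{
    printf("referer check: legit=%d forged=%d\n",
           trust_by_referer(legit_request), trust_by_referer(forged_request));
    printf("session check: legit=%d forged=%d guessed=%d\n",
           trust_by_session(legit_request, ISSUED_TOKEN),
           trust_by_session(forged_request, ISSUED_TOKEN),
           trust_by_session(forged_with_guess, ISSUED_TOKEN));
    return 0;
}
```

The point of the two checks side by side: trust_by_referer returns true for both the legitimate and the forged request, because the only thing it verifies is a string the client chose to send, while trust_by_session returns true only for the request carrying the value the server issued.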


Impact

  • Authorization: Actions that would not otherwise be authorized can be carried out as if the request had been validated by the server named in the Referer header.
  • Accountability: Actions may be taken in the name of the server named in the Referer header, so logs attribute them to the wrong origin.


Vulnerabilities

  • Use of referrer field to make a trust decision about a remote host.


Countermeasures

  • Design: Authenticate and authorize requests with a mechanism the client cannot forge, such as a server-issued session credential or cryptographic authentication of the client. Treat the Referer header at most as a hint: it is client-controlled, and browsers and proxies frequently strip or truncate it, so it is unreliable even for legitimate users.


Vulnerability Patterns


How Tos