Using Referrer Field for Authentication
From Guidance Share
Jump to navigationJump to search
Description
The referrer field in HTTP requests can be easily modified and, as such, is not a valid means of message integrity checking.
Applies To
- Languages: All
- Operating platforms: All
Example
The following code connects to a remote host and then checks referrer field to make a trust decision:
sock= socket(AF_INET, SOCK_STREAM, 0);
...
bind(sock, (struct sockaddr *)&server, len)
...
while (1){
newsock=accept(sock, (struct sockaddr *)&from, &fromlen);
pid=fork();
if (pid==0) {
n = read(newsock,buffer,BUFSIZE);
...
//Make a trust decision based on referrer
if (buffer+...==Referer: http://www.foo.org/dsaf.html)
//do stuff
Since referrer may be spoofed by the remote host, a valid trust decision cannot be made with this information
Impact
- Authorization: Actions, which may not be authorized otherwise, can be carried out as if they were validated by the server referred to.
- Accountability: Actions may be taken in the name of the server referred to.
Vulnerabilities
- Use of referrer field to make a trust decision about a remote host.
Countermeasures
- Design: Use other means of authorization that cannot be simply spoofed.
Vulnerability Patterns
