CWE-293: Using Referer Field for Authentication

Description

The referer field in HTTP requests can be easily modified and, as such, is not a valid means of message integrity checking.

Submission Date: July 19, 2006, midnight

Modification Date: 2023-06-29 00:00:00+00:00

Organization: MITRE

Example Vulnerable Code

Example - 1

The following code samples inspect the Referer value of an inbound request packet in order to decide whether the request comes from a trusted host.

C:

    /* The trusted referer is a plain string, so it must be compared with
       strcmp() rather than ==, which would only compare pointers. */
    const char *trustedReferer = "http://www.example.com/";
    while (true) {
        n = read(newsock, buffer, BUFSIZE);
        requestPacket = processPacket(buffer, n);
        /* Trust is decided solely on the client-supplied Referer value. */
        if (strcmp(requestPacket.referer, trustedReferer) == 0) {
            openNewSecureSession(requestPacket);
        }
    }

Java:

    boolean processConnectionRequest(HttpServletRequest request) {
        String referer = request.getHeader("referer");
        String trustedReferer = "http://www.example.com/";
        // Compare with the constant on the left: getHeader() returns null
        // when the header is absent, which would otherwise throw.
        // Privileged access is granted purely on the Referer header.
        if (trustedReferer.equals(referer)) {
            openPrivilegedConnection(request);
            return true;
        } else {
            sendPrivilegeError(request);
            return false;
        }
    }

Both examples check whether a request comes from a trusted referer before serving it, but all they verify is the Referer string carried in the request itself. That header is set by the client, so an attacker can simply send the trusted value and impersonate a trusted client.
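The following Python is an added illustration, not code from the CWE entry, contrasting the Referer-based check above with a server-side session check. The `SessionStore` class, the `Bearer` token scheme and the header dictionaries are assumptions made for the example; the sample headers are constructed, not captured traffic.

```python
"""Added example: a Referer check accepts any request that claims the trusted
origin, whereas a server-issued session token cannot be fabricated."""
import hmac
import secrets
from typing import Dict, Optional

TRUSTED_REFERER = "http://www.example.com/"


def referer_is_trusted(headers: Dict[str, str]) -> bool:
    """CWE-293 pattern: the decision rests entirely on a header the client sets."""
    return headers.get("Referer") == TRUSTED_REFERER


class SessionStore:
    """Hypothetical server-side session store; only the server mints tokens."""

    def __init__(self) -> None:
        self._sessions: Dict[str, str] = {}

    def issue(self, user: str) -> str:
        # 32 random bytes, URL-safe encoded: unguessable by a remote client.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = user
        return token

    def resolve(self, presented: str) -> Optional[str]:
        # Constant-time comparison against each stored token so the lookup
        # does not leak how much of a guessed token matched.
        for token, user in self._sessions.items():
            if hmac.compare_digest(token, presented):
                return user
        return None


def session_user(headers: Dict[str, str], store: SessionStore) -> Optional[str]:
    """Hardened replacement: authenticate with a server-issued token carried in
    the Authorization header. The Referer header plays no part at all."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not token:
        return None
    return store.resolve(token)


def demo() -> Dict[str, object]:
    """Run both checks against a forged request and a legitimate one."""
    store = SessionStore()
    token = store.issue("alice")
    # Constructed headers: a legitimate client holding a real session token,
    # and a request that merely claims the trusted referer.
    legit = {"Authorization": "Bearer " + token}
    forged = {"Referer": TRUSTED_REFERER}
    return {
        "forged_passes_referer_check": referer_is_trusted(forged),
        "forged_passes_session_check": session_user(forged, store),
        "legit_passes_session_check": session_user(legit, store),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The forged request satisfies `referer_is_trusted` but yields no user from `session_user`, while the legitimate request resolves to its account without sending a Referer at all. Referer or Origin comparison still has a place as a secondary CSRF signal, but it must not be the basis on which privileged access is granted.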

Related Weaknesses

This table shows the weaknesses and high-level categories related to this weakness. These relationships are defined to give an overview of similar items that may exist at higher and lower levels of abstraction.

Visit http://cwe.mitre.org/ for more details.