
CWE-784 Reliance on Cookies without Validation and Integrity Checking in a Security Decision: vulnerability list (4)

Summary of the 4 CVE vulnerabilities associated with the weakness class CWE-784 (Reliance on Cookies without Validation and Integrity Checking in a Security Decision), with AI-generated Chinese analysis.

CWE-784 covers security decisions that rely on unvalidated cookies. Attackers commonly use browser tools or scripts to tamper with cookie values, bypassing authentication or authorization to impersonate a legitimate user or escalate privileges. Because cookies are stored on the client and are trivially modified, a server that does not verify their integrity and legitimacy exposes itself to serious risk. Developers should avoid making security decisions on cookie data alone and should combine server-side session management, signature verification and HTTPS transport to ensure the data is authentic and trustworthy.

MITRE CWE official description
CWE: CWE-784 Reliance on Cookies without Validation and Integrity Checking in a Security Decision. Description: The product uses a protection mechanism that relies on the existence or value of a cookie, but it does not properly ensure that the cookie is valid for the associated user. Attackers can easily modify cookies, either within the browser or by implementing client-side code outside of the browser. By modifying the cookie to contain an expected value, an attacker can bypass protection mechanisms such as authorization and authentication.
Common consequences (1)
Scope: Access Control. Impact: Bypass Protection Mechanism, Gain Privileges or Assume Identity.
It is dangerous to use cookies to set a user's privileges. The cookie can be manipulated to claim a high level of authorization, or to claim that successful authentication has occurred.
Mitigations (4)
Phase: Architecture and Design. Avoid using cookie data for a security-related decision.
Phase: Implementation. Perform thorough input validation (i.e. server-side validation) on the cookie data if you are going to use it for a security-related decision.
Phase: Architecture and Design. Add integrity checks to detect tampering.
Phase: Architecture and Design. Protect critical cookies from replay attacks, since cross-site scripting or other attacks may allow attackers to steal a strongly-encrypted cookie that also passes integrity checks. This mitigation applies to cookies that should only be valid during a single transaction or session. By enforcing timeouts, you may limit the scope of an attack. As part of your integrity check, use an unpredictable, s…
Code examples (2)
The following code excerpt reads a value from a browser cookie to determine the role of the user.

    // The client controls the "role" cookie, so it controls userRole.
    Cookie[] cookies = request.getCookies();
    for (int i = 0; i < cookies.length; i++) {
        Cookie c = cookies[i];
        if (c.getName().equals("role")) {
            userRole = c.getValue();
        }
    }

Bad · Java
The following code could be for a medical records application. It performs authentication by checking if a cookie has been set.

    // Any client can set authenticated=1 itself and skip the login check.
    $auth = $_COOKIE['authenticated'];
    if (!$auth) {
        if (AuthenticateUser($_POST['user'], $_POST['password']) == "success") {
            // save the cookie to send out in future responses
            setcookie("authenticated", "1", time() + 60 * 60 * 2);
        } else {
            ShowLoginScreen();
            die("\n");
        }
    }
    DisplayMedicalHistory($_POST['patient_ID']);

Bad · PHP
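The mitigations above (server-side validation, integrity checks, timeouts, an unpredictable identifier) and the two Bad examples are brought together in the following added example, which is not from MITRE or from this site. It contrasts the CWE-784 pattern of reading the role straight from a cookie with a hardened version: the cookie carries only an HMAC-SHA256-signed, expiring session id, and the role is resolved from a server-side store. The key, the session store and the sample requests are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed key for the demo; a real deployment loads it from configuration.
SECRET_KEY = secrets.token_bytes(32)

# Server-side session store (constructed). The cookie only carries a signed
# session id plus an expiry; the role lives here, where the client cannot edit it.
SESSIONS = {}


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_cookie(payload: dict, key: bytes = SECRET_KEY) -> str:
    """Serialise payload and append an HMAC-SHA256 tag: '<payload_b64>.<tag_b64>'."""
    body = _b64e(json.dumps(payload, sort_keys=True).encode())
    tag = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64e(tag)}"


def verify_cookie(cookie: str, key: bytes = SECRET_KEY, now=None):
    """Return the payload if the tag matches and the cookie is unexpired, else None."""
    now = time.time() if now is None else now
    try:
        body, tag = cookie.split(".", 1)
        expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
        # Constant-time comparison: a timing leak would let the tag be guessed byte by byte.
        if not hmac.compare_digest(_b64d(tag), expected):
            return None
        payload = json.loads(_b64d(body))
        if not isinstance(payload, dict) or payload.get("exp", 0) <= now:
            return None  # the timeout bounds how long a stolen cookie stays usable
    except (ValueError, TypeError):
        return None
    return payload


def create_session(user: str, role: str, ttl: int = 7200, now=None) -> str:
    """Register a session server-side; return the signed cookie value to send to the client."""
    now = time.time() if now is None else now
    sid = secrets.token_urlsafe(32)  # unpredictable identifier, as the mitigation asks
    SESSIONS[sid] = {"user": user, "role": role}
    return sign_cookie({"sid": sid, "exp": now + ttl})


def role_from_cookie_insecure(cookies: dict) -> str:
    """CWE-784 pattern: trusts whatever the client placed in the 'role' cookie."""
    return cookies.get("role", "guest")


def role_from_cookie_secure(cookies: dict, now=None):
    """Hardened: verify signature and expiry, then resolve the role server-side."""
    payload = verify_cookie(cookies.get("session", ""), now=now)
    if payload is None:
        return None
    session = SESSIONS.get(payload.get("sid"))
    return session["role"] if session else None


if __name__ == "__main__":
    # Constructed request: a client that edited its own role cookie in the browser.
    print(role_from_cookie_insecure({"role": "admin"}))  # admin: tampering succeeds

    cookie = create_session("alice", "user", now=1_000_000)
    print(role_from_cookie_secure({"session": cookie}, now=1_000_100))  # user
    # Payload rewritten but signed with the wrong key: tag mismatch, rejected.
    forged = sign_cookie({"sid": "forged", "exp": 9e9}, key=b"not the server key")
    print(role_from_cookie_secure({"session": forged}, now=1_000_100))  # None
    # Same valid cookie presented after the 2-hour timeout: rejected.
    print(role_from_cookie_secure({"session": cookie}, now=1_010_000))  # None
```

The role never leaves the server, so even a cookie that passes the integrity check cannot claim a privilege it was not issued with; rotating or deleting the entry in SESSIONS revokes it immediately, which a self-contained signed cookie alone cannot do.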
CVE ID         Title                                                                        CVSS  Risk level  Published
CVE-2024-9820  WordPress plugin WP 2FA with Telegram security vulnerability — AuthPress     6.5   Medium      2024-10-15
CVE-2023-3050  TMT Lockcell security vulnerability — Lockcell                               9.8   Critical    2023-06-13
CVE-2022-3083  Landis+Gyr E850 security vulnerability — E850 (ZMQ200)                       3.9   Low         2023-02-01
CVE-2020-8184  RubyGem Rack input validation vulnerability — https://github.com/rack/rack   7.5   -           2020-06-19

CWE-784 (Reliance on Cookies without Validation and Integrity Checking in a Security Decision) is a common weakness class; this platform lists 4 CVE vulnerabilities associated with it.