
CWE-784 (Reliance on Cookies without Validation and Integrity Checking in a Security Decision) — Vulnerability Class 4

4 vulnerabilities classified as CWE-784 (Reliance on Cookies without Validation and Integrity Checking in a Security Decision). AI Chinese analysis included.

CWE-784 is a security weakness in which an application trusts client-side cookies for sensitive decisions without verifying their integrity or authenticity. Attackers exploit this flaw by manipulating cookie values, such as altering session identifiers or privilege flags, to bypass authentication and authorization controls. Because cookies are trivially modified by the user or by malicious scripts, relying on them as the sole security mechanism allows an adversary to impersonate legitimate users or escalate privileges. To mitigate this risk, developers must validate all cookie data on the server side, checking that it matches the expected format and the authenticated user's context. Additionally, authenticating cookie contents with a cryptographic signature such as an HMAC, and setting the Secure and HttpOnly flags, helps prevent tampering and theft. Ultimately, security decisions should never depend solely on client-side storage; robust backend verification is required to maintain system integrity.

MITRE CWE Description
The product uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associated user. Attackers can easily modify cookies, within the browser or by implementing the client-side code outside of the browser. Attackers can bypass protection mechanisms such as authorization and authentication by modifying the cookie to contain an expected value.
Common Consequences (1)
Access Control: Bypass Protection Mechanism, Gain Privileges or Assume Identity
It is dangerous to use cookies to set a user's privileges. The cookie can be manipulated to claim a high level of authorization, or to claim that successful authentication has occurred.
Mitigations (4)
Architecture and Design: Avoid using cookie data for a security-related decision.
Implementation: Perform thorough input validation (i.e.: server side validation) on the cookie data if you're going to use it for a security related decision.
Architecture and Design: Add integrity checks to detect tampering.
Architecture and Design: Protect critical cookies from replay attacks, since cross-site scripting or other attacks may allow attackers to steal a strongly-encrypted cookie that also passes integrity checks. This mitigation applies to cookies that should only be valid during a single transaction or session. By enforcing timeouts, you may limit the scope of an attack. As part of your integrity check, use an unpredictable, s…
Examples (2)
The following code excerpt reads a value from a browser cookie to determine the role of the user.
    Cookie[] cookies = request.getCookies();
    for (int i = 0; i < cookies.length; i++) {
        Cookie c = cookies[i];
        if (c.getName().equals("role")) {
            // the role is taken straight from a client-controlled cookie
            userRole = c.getValue();
        }
    }
Bad · Java
The following code could be for a medical records application. It performs authentication by checking if a cookie has been set.
    <?php
    // PHP's cookie superglobal is $_COOKIE (the original excerpt misspelled it as $_COOKIES)
    $auth = $_COOKIE['authenticated'];   // a client-controlled value decides whether the user is authenticated
    if (! $auth) {
        if (AuthenticateUser($_POST['user'], $_POST['password']) == "success") {
            // save the cookie to send out in future responses
            setcookie("authenticated", "1", time()+60*60*2);
        } else {
            ShowLoginScreen();
            die("\n");
        }
    }
    DisplayMedicalHistory($_POST['patient_ID']);
Bad · PHP
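As an added example (not from the CWE entry or this page), the following Python code applies the mitigations listed above to the role-cookie lookup shown in the Java and PHP excerpts: the role claim travels in an HMAC-signed cookie with an expiry and a nonce, the tag is checked server side in constant time, and a client-rewritten role (the edit the excerpts would accept) is rejected. The function names, the constructed key and the claim layout are assumptions of this example.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET_KEY = secrets.token_bytes(32)  # constructed for the demo; load from a secret store in production

def _b64e(data: bytes) -> bytes:
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def _b64d(data: bytes) -> bytes:
    return base64.urlsafe_b64decode(data + b"=" * (-len(data) % 4))

def sign_cookie(claims: dict, secret: bytes = SECRET_KEY, now=None, ttl: int = 7200) -> str:
    """Server side: serialise the claims with an expiry and a nonce, then append an HMAC-SHA256 tag."""
    body = dict(claims)
    body["exp"] = int(time.time() if now is None else now) + ttl  # bounded lifetime limits replay
    body["nonce"] = secrets.token_hex(8)                           # unpredictable per-issue value
    raw = _b64e(json.dumps(body, sort_keys=True).encode())
    tag = hmac.new(secret, raw, hashlib.sha256).digest()
    return (raw + b"." + _b64e(tag)).decode()

def verify_cookie(value: str, secret: bytes = SECRET_KEY, now=None):
    """Return the claims only if the tag matches and the cookie has not expired; otherwise None."""
    try:
        raw, tag = value.encode().rsplit(b".", 1)
        expected = hmac.new(secret, raw, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64d(tag)):   # constant-time comparison
            return None
        body = json.loads(_b64d(raw))
    except (ValueError, TypeError):                            # malformed cookie: treat as absent
        return None
    if body.get("exp", 0) <= (time.time() if now is None else now):
        return None
    return body

def tamper_role(cookie: str, new_role: str) -> str:
    """Rewrite the role claim while keeping the old tag: the edit a cookie-trusting check would accept."""
    raw, tag = cookie.split(".")
    body = json.loads(_b64d(raw.encode()))
    body["role"] = new_role
    return (_b64e(json.dumps(body, sort_keys=True).encode()) + b"." + tag.encode()).decode()

def role_for_request(cookie: str, now=None) -> str:
    """Hardened counterpart of the page's role lookup: the role is used only after verification."""
    claims = verify_cookie(cookie, now=now)
    return claims["role"] if claims else "anonymous"
```

The verified claims should still be matched against server-side session state; the signature proves the server issued the cookie, not that the session is still valid for this user.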
CVE ID | Title | CVSS | Severity | Published
CVE-2024-9820 | WP 2FA with Telegram <= 3.0 - Two-Factor Authentication Bypass (AuthPress) | 6.5 | Medium | 2024-10-15
CVE-2023-3050 | Authentication Bypass in TMT's Lockcell (Lockcell) | 9.8 | Critical | 2023-06-13
CVE-2022-3083 | Landis+Gyr E850 security vulnerability (E850 (ZMQ200)) | 3.9 | Low | 2023-02-01
CVE-2020-8184 | RubyGem Rack input validation error vulnerability (https://github.com/rack/rack) | 7.5 | - | 2020-06-19

Vulnerabilities classified as CWE-784 (Reliance on Cookies without Validation and Integrity Checking in a Security Decision) represent 4 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.