CWE (Compound, Stable), 20 recent CVEs
CWE-352: Cross-Site Request Forgery (CSRF)
Description
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Common consequences
- Scope: Confidentiality, Integrity, Availability, Non-Repudiation, Access Control. Impact: Gain Privileges or Assume Identity; Bypass Protection Mechanism; Read Application Data; Modify Application Data; DoS: Crash. Note: The consequences will vary depending on the nature of the functionality that is vulnerable to CSRF. An attacker could trick a client into making an unintentional request to the web server via a URL, image load, XMLHttpRequest, etc., which w
Potential mitigations
- Implementation: Ensure that the application is free of cross-site scripting issues (CWE-79), because most CSRF defenses can be bypassed using attacker-controlled script.
- Architecture and Design: Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330). [REF-332]
- Architecture and Design: Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.
- Architecture and Design: Do not use the GET method for any request that triggers a state change.
- Implementation: Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.
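One way to implement the per-form nonce mitigation above, together with the rule that state changes never ride on GET, as an added Python example that is not part of the CWE entry. The in-memory per-session store, the form names and the handler functions are assumptions made for the example.

```python
import hmac
import secrets


class CsrfNonces:
    """Per-session CSRF nonce store (constructed stand-in for a real session backend).

    Maps form name -> set of nonces issued to this session for that form, so a nonce
    is only valid for the session it was issued to and the form it was issued for.
    """

    def __init__(self):
        self._issued = {}

    def issue(self, form_name):
        """Generate an unpredictable nonce and remember it for this form."""
        nonce = secrets.token_urlsafe(32)  # CSPRNG output, not a counter or timestamp (CWE-330)
        self._issued.setdefault(form_name, set()).add(nonce)
        return nonce

    def verify(self, form_name, submitted):
        """Accept only a nonce previously issued for this form, then consume it (one-time use)."""
        if not submitted:
            return False
        outstanding = self._issued.get(form_name, set())
        for nonce in outstanding:
            # Constant-time comparison so timing does not reveal how much of a guess matched.
            if hmac.compare_digest(nonce, submitted):
                outstanding.discard(nonce)  # a replayed or duplicated submission is rejected
                return True
        return False


def render_form(session, form_name):
    """Embed a fresh nonce in the form as a hidden field (token_urlsafe output is attribute-safe)."""
    nonce = session.issue(form_name)
    return (f'<form method="POST" action="/{form_name}">'
            f'<input type="hidden" name="csrf_nonce" value="{nonce}">'
            '<input type="submit" value="Go"></form>')


def handle_submit(session, form_name, method, fields):
    """Return an HTTP status: 405 for GET (state changes require POST), 403 on nonce failure."""
    if method != "POST":
        return 405
    if not session.verify(form_name, fields.get("csrf_nonce")):
        return 403
    return 200  # the state-changing operation would run here
```
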
Related CWEs
Recent CVEs classified under this CWE
- CVE-2026-9719 (score 4.3, 2026-06-06)
- CVE-2026-7047 (score 4.3, 2026-06-06)
- CVE-2026-11270 (score 6.5, 2026-06-05)
- CVE-2026-11265 (score 7.5, 2026-06-05)
- CVE-2026-11214 (score 6.5, 2026-06-04)
- CVE-2026-11200 (score 6.5, 2026-06-04)
- CVE-2026-11195 (score 6.5, 2026-06-04)
- CVE-2026-11194 (score 6.5, 2026-06-04)
- CVE-2026-11156 (score 4.3, 2026-06-04)
- CVE-2026-11155 (score 4.3, 2026-06-04)
- CVE-2026-11148 (score 6.5, 2026-06-04)
- CVE-2026-11139 (score 6.5, 2026-06-04)
- CVE-2026-11134 (score 6.5, 2026-06-04)
- CVE-2026-11129 (score 6.5, 2026-06-04)
- CVE-2026-11106 (score 6.5, 2026-06-04)
- CVE-2026-11084 (score 6.5, 2026-06-04)
- CVE-2026-11083 (score 6.5, 2026-06-04)
- CVE-2026-11020 (score 6.5, 2026-06-04)
- CVE-2026-43985 (score 8.8, 2026-06-04)
- CVE-2019-25729 (score 9.8, 2026-06-04)