Skip to main content

Insufficient data authenticity validation

Description

The application does not control on the server if someone have permission to modify certain fields and allows to use invalid data in some fields, for example non-existing names.

Impact

Inject potentially malicious characters into application fields.

Recommendation

Validate on the server side the types of data that are entered into different types of fields in the application.

Threat

Authorized user from Internet.

Expected Remediation Time

⌚ 60 minutes.

Score

Default score using CVSS 3.1. It may change depending on the context of the vulnerability.

Base

  • Attack vector: N
  • Attack complexity: L
  • Privileges required: L
  • User interaction: N
  • Scope: U
  • Confidentiality: N
  • Integrity: L
  • Availability: N

Temporal

  • Exploit code madurity: P
  • Remediation level: X
  • Report confidence: X

Result

  • Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:X
  • Score:
    • Base: 4.3
    • Temporal: 4.1
  • Severity:
    • Base: Medium
    • Temporal: Medium

Code Examples

Compliant code

The application implements server side validation for all input fields

app.post('/editProfile', isLoggedIn, function(req, res, next){
User.update({ _id: req.user.id}, req.body, function(err, user){
var usernameEdit = req.body.username;
//Validate data before editing
if(!isValidData(req.body)){
req.flash('error', 'Found several conflicting fields');
res.redirect('/edit');
}
else{
user.email = emailEdit;
user.local.email = emailEdit;
user.first_name = first_nameEdit;
user.last_name = last_nameEdit;
user.username = usernameEdit;
res.redirect('/profile/');
}
}
});

Non compliant code

The application does not validate input data on the server side

app.post('/editProfile', isLoggedIn, function(req, res, next){
User.update({ _id: req.user.id}, req.body, function(err, user){
//Updating user without validating data on the server side
user.email = emailEdit;
user.local.email = emailEdit;
user.first_name = first_nameEdit;
user.last_name = last_nameEdit;
user.username = usernameEdit;
res.redirect('/profile/');
}
});

Requirements