Insufficient data authenticity validation - Front bypass
Description
The credentials policy present in the system warns that these cannot be consecutive and/or repeated numbers, however this validation is only done in the front end of the application, so it is possible to modify the password from the same request and assign a key that goes against the policies.
Impact
Bypass security policies assigned for user keys.
Recommendation
The key creation policy must be validated on both the front and back ends of the application.
Threat
Attacker without credentials from the Internet.
Expected Remediation Time
⌚ 60 minutes.
Score
Default score using CVSS 3.1. It may change depending on the context of the vulnerability.
Base
- Attack vector: N
- Attack complexity: L
- Privileges required: N
- User interaction: N
- Scope: U
- Confidentiality: N
- Integrity: L
- Availability: N
Temporal
- Exploit code madurity: X
- Remediation level: X
- Report confidence: X
Result
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:X
- Score:
- Base: 5.3
- Temporal: 5.3
- Severity:
- Base: Medium
- Temporal: Medium
Code Examples
Compliant code
The application validates user credentials on the back end
public static boolean isValidPassword(String password,String regex){
Pattern pattern = Pattern.compile(regex);
Matcher matcher = pattern.matcher(password);
return matcher.matches();
}
Non compliant code
The application does not validate credentials on the back end
public void createUser(user) throws Exception {
VOUserDetails u = createUniqueUser();
u.setName(user.name);
u.setPassword(user.password)
is.createUser(u, Arrays.asList(UserRoleType.USER), null);
}
Requirements
- 122. Validate credential ownership
- 173. Discard unsafe inputs
- 178. Use digital signatures
- 320. Avoid client-side control enforcement
Search for vulnerabilities in your apps for free with our automated security testing! Start your 21-day free trial and discover the benefits of our Continuous Hacking Machine Plan. If you prefer a full service that includes the expertise of our ethical hackers, don't hesitate to contact us for our Continuous Hacking Squad Plan.