CWE-348: Use of Less Trusted Source
Learn about CWE-348 (Use of Less Trusted Source), its security impact, exploitation methods, and prevention guidelines.
What is Use of Less Trusted Source?
• Overview: CWE-348, Use of Less Trusted Source, occurs when a software product has multiple sources for the same data and opts to use the source that is less reliable or more prone to attack. This can introduce vulnerabilities if the less trusted source is manipulated or compromised.
• Exploitation Methods:
- Attackers can manipulate or spoof the less trusted data source to introduce malicious data into the system.
- Common attack patterns include man-in-the-middle attacks, spoofing legitimate sources, and data tampering.
• Security Impact:
- Direct consequences include unauthorized access, data corruption, and execution of malicious code.
- Potential cascading effects could be unauthorized data disclosure, data loss, and compromise of system integrity.
- Business impact may involve financial loss, damage to reputation, and legal liabilities due to data breaches.
• Prevention Guidelines:
- Specific code-level fixes include implementing strict validation and verification checks on data from less trusted sources.
- Security best practices include favoring more trusted sources, using encryption, and implementing multi-factor authentication to verify data integrity.
- Recommended tools and frameworks include using cryptographic libraries for data integrity checks and employing security information and event management (SIEM) systems for monitoring and alerting.
Technical Details
Likelihood of Exploit: Not specified
Affected Languages: Not Language-Specific
Affected Technologies: Not specified
Vulnerable Code Example
Python Example
import json
import os

def load_config():
    # Vulnerable: Using an environment variable (less trusted source) for config path
    config_path = os.getenv('CONFIG_PATH')  # Environment variable can be manipulated
    with open(config_path, 'r') as config_file:
        config = json.load(config_file)
    return config
Explanation of Vulnerability
The vulnerable code above relies on an environment variable CONFIG_PATH to determine the path of a configuration file. This approach is susceptible to CWE-348 as environment variables can be manipulated by attackers or misconfigured, leading to loading untrusted or malicious configuration files. An attacker could set CONFIG_PATH to a path containing malicious configurations, compromising the application.
How to fix Use of Less Trusted Source?
To fix this vulnerability, prefer using a more secure and trusted source for configuration files. One approach is to use a predefined and secured file path or a configuration management system that ensures file integrity and access control. Avoid dynamically determining sensitive file locations through potentially manipulated sources like environment variables. Instead, define the configuration path statically in the code or use a secure configuration management tool that verifies the integrity and authenticity of the configuration files.
Fixed Code Example
import json
import os

class SecurityException(Exception):
    """Raised when the configuration file fails a security check."""

def load_config():
    # Fixed: Use a predefined and secure path for configuration
    config_path = '/etc/myapp/config.json'  # Static and secure path
    # Check if the file exists and is not a symbolic link
    if not os.path.exists(config_path):
        raise FileNotFoundError("Configuration file not found at the specified path.")
    if os.path.islink(config_path):
        raise SecurityException("Configuration file path is a symbolic link!")
    with open(config_path, 'r') as config_file:
        config = json.load(config_file)
    return config
Explanation of the Fix
- Static Path: The configuration file path is hardcoded to a secure and controlled directory (/etc/myapp/config.json) instead of relying on an environment variable. This prevents unauthorized redirection to malicious files.
- Existence and Integrity Check: Added checks to ensure the configuration file exists and is not a symbolic link, which could be used to redirect the application to a malicious file.
- Security Exception: Raises an exception if the configuration file path is detected as a symbolic link, thereby preventing potential attacks.
By using a secure and predefined configuration path and adding integrity checks, we significantly reduce the risk of using a less trusted source for configuration data.
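The fixed example checks the path and then opens it, which leaves a gap in which the file can be swapped. The following is an added example, not code from the original page: it opens the file first and then checks the opened descriptor. The names UntrustedConfigError, load_trusted_config and allowed_uids are hypothetical, and the ownership rule (root or the running account) is an assumption.

```python
import json
import os
import stat

TRUSTED_CONFIG_PATH = "/etc/myapp/config.json"  # static path from the page


class UntrustedConfigError(Exception):
    """Hypothetical exception for a config file that fails a trust check."""


def load_trusted_config(path=TRUSTED_CONFIG_PATH, allowed_uids=None):
    # Assumption: only root or the account running the app may own the file.
    if allowed_uids is None:
        allowed_uids = {0, os.geteuid()}
    try:
        # O_NOFOLLOW: fail if the final path component is a symlink, with no
        # gap between the check and the open. O_NONBLOCK: do not hang on a FIFO.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    except OSError as exc:
        raise UntrustedConfigError(f"cannot open {path}: {exc}") from exc
    with os.fdopen(fd, "r") as config_file:
        # fstat() describes the file actually opened, not what the path names now.
        info = os.fstat(config_file.fileno())
        if not stat.S_ISREG(info.st_mode):
            raise UntrustedConfigError(f"{path} is not a regular file")
        if info.st_uid not in allowed_uids:
            raise UntrustedConfigError(f"{path} has unexpected owner uid {info.st_uid}")
        if info.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise UntrustedConfigError(f"{path} is group- or world-writable")
        return json.load(config_file)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:  # constructed sample input
        real = os.path.join(d, "config.json")
        with open(real, "w") as f:
            json.dump({"debug": False}, f)
        os.chmod(real, 0o600)
        print(load_trusted_config(real))
        link = os.path.join(d, "link.json")
        os.symlink(real, link)
        try:
            load_trusted_config(link)
        except UntrustedConfigError as exc:
            print("rejected:", exc)
```

O_NOFOLLOW only covers the last path component, so the parent directories of the configuration file must also be writable only by trusted accounts.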