CWE-552: Files or Directories Accessible to External Parties
Learn about CWE-552 (Files or Directories Accessible to External Parties), its security impact, exploitation methods, and prevention guidelines.
What is Files or Directories Accessible to External Parties?
• Overview: This vulnerability occurs when files or directories are accessible to unauthorized users. It typically involves web or FTP servers that expose sensitive files without proper access controls, allowing unauthorized access.
• Exploitation Methods:
- Attackers can exploit this by directly accessing files via URL paths that lack proper authentication or authorization mechanisms.
- Common attack patterns include directory traversal attacks and brute-force attempts to enumerate files within accessible directories.
• Security Impact:
- Direct consequences include unauthorized disclosure of sensitive information.
- Potential cascading effects involve data breaches, leading to further attacks using the exposed information.
- Business impact may include reputational damage, regulatory fines, and loss of customer trust.
• Prevention Guidelines:
- Specific code-level fixes include implementing strict access controls and authentication checks for file access.
- Security best practices involve regularly auditing directory permissions and ensuring sensitive files are stored outside publicly accessible directories.
- Recommended tools and frameworks include using web application firewalls (WAFs) and security scanning tools to detect and mitigate unauthorized access.
Technical Details
Likelihood of Exploit: Not specified
Affected Languages: Not Language-Specific
Affected Technologies: Not Technology-Specific, Cloud Computing
Vulnerable Code Example
Python Example
import os
from flask import Flask, send_file, request
app = Flask(__name__)
@app.route('/download', methods=['GET'])
def download_file():
# Vulnerable code: Directly using user input to access files
# This allows users to access any file on the server, leading to potential data exposure
filename = request.args.get('filename')
return send_file(os.path.join('/secure/files', filename))
if __name__ == '__main__':
app.run(debug=True)
Explanation
The vulnerability arises from directly using user input to construct a file path, which can be exploited to access unauthorized files (e.g., via path traversal attacks). An attacker can manipulate the filename parameter to access sensitive files on the server, such as /etc/passwd on Unix-like systems.
How to fix Files or Directories Accessible to External Parties?
To fix this issue, you can implement the following measures:
- Validate and Sanitize Input: Ensure that the filename provided by the user is valid and does not allow path traversal. For example, check for disallowed characters such as
../. - Use Allowed List: Maintain a list of files that can be accessed and ensure that the requested file is on this list.
- Restrict File Paths: Use a secure method to resolve file paths and ensure that they stay within a designated directory.
Fixed Code Example
import os
from flask import Flask, send_file, request, abort
app = Flask(__name__)
ALLOWED_FILES = {'document.pdf', 'report.csv'} # Define allowed files
@app.route('/download', methods=['GET'])
def download_file():
filename = request.args.get('filename')
# Fixed code: Validate the requested filename against allowed files
if filename not in ALLOWED_FILES:
abort(403) # Forbidden: Access to this file is not allowed
# Securely resolve the path and ensure it is within the allowed directory
safe_path = os.path.join('/secure/files', filename)
# Check if the resolved path is actually within the intended directory
if not os.path.abspath(safe_path).startswith(os.path.abspath('/secure/files')):
abort(403) # Forbidden: Path traversal attempt
return send_file(safe_path)
if __name__ == '__main__':
app.run(debug=True)
Explanation
By implementing these changes, the application now securely controls access to files and directories, preventing unauthorized access. The fixed code checks if the requested file is within a predefined list of allowed files and ensures that the resolved path does not lead outside the designated directory. This mitigates the risk of path traversal attacks and unauthorized file access.