CWE-942: Permissive Cross-domain Policy with Untrusted Domains
Learn about CWE-942 (Permissive Cross-domain Policy with Untrusted Domains), its security impact, exploitation methods, and prevention guidelines.
What is Permissive Cross-domain Policy with Untrusted Domains?
• Overview: Permissive Cross-domain Policy with Untrusted Domains (CWE-942) occurs when a product's cross-domain policy file allows requests from domains that should not be trusted. This can lead to unauthorized cross-domain requests, similar to issues seen in Cross-Site Scripting (CWE-79).
• Exploitation Methods:
- Attackers exploit this vulnerability by crafting malicious Flash or Silverlight applications that make unauthorized requests to a target server.
- Common attack patterns rely on wildcard entries in the policy file to gain access, then run scripts that read sensitive information or perform actions on behalf of the user without their consent.
• Security Impact:
- Direct consequences include unauthorized access to sensitive data such as cookies and session information.
- Potential cascading effects involve further exploitation of the user's session or actions executed with elevated privileges.
- Business impact may include data breaches, loss of user trust, and potential legal consequences from unauthorized data access.
• Prevention Guidelines:
- Specific code-level fixes involve restricting cross-domain policy files to only include trusted domains without using wildcards.
- Security best practices include regularly reviewing and updating policy files to ensure they only allow necessary and trusted domains.
- Recommended tools and frameworks include automated security testing tools that can detect overly permissive cross-domain policies and frameworks that provide secure defaults for cross-domain access.
Technical Details
Likelihood of Exploit: Not specified
Affected Languages: Not Language-Specific
Affected Technologies: Web Based
Vulnerable Code Example
<?xml version="1.0"?>
<!-- This cross-domain policy file allows access from any domain, which is insecure. -->
<!-- It permits untrusted domains to interact with the resources, leading to potential -->
<!-- data leaks, unauthorized access, or other malicious activities. -->
<cross-domain-policy>
  <allow-access-from domain="*" />
</cross-domain-policy>
How to fix Permissive Cross-domain Policy with Untrusted Domains?
A permissive cross-domain policy can lead to serious security issues by allowing potentially harmful and untrusted domains to interact with your resources. This can lead to data leaks, unauthorized access, or other malicious activities.
Best Practices:
- Restrict Domains: Only allow cross-domain access from specific, trusted domains that require interaction with your resources.
- Regularly Review Policies: Ensure that the cross-domain policy is regularly reviewed and updated to reflect the current list of trusted domains.
- Use Secure Protocols: Prefer HTTPS over HTTP to ensure data is encrypted during transmission.
- Consider Alternatives: Use alternative methods such as CORS (Cross-Origin Resource Sharing) with proper headers for modern web applications.
Fixed Code Example
<?xml version="1.0"?>
<!-- Fixed cross-domain policy with access restricted to trusted domains only. -->
<!-- This helps to prevent untrusted parties from accessing sensitive resources. -->
<cross-domain-policy>
  <!-- Allow access from specific trusted domains only -->
  <allow-access-from domain="trusted-domain.com" />
  <allow-access-from domain="another-trusted.com" />
  <!-- Avoid using the wildcard '*' to prevent access from untrusted domains -->
</cross-domain-policy>
Explanation:
- The fixed example restricts access to specific, trusted domains (trusted-domain.com and another-trusted.com). This limits the risk of unauthorized access from malicious domains.
- Avoiding the wildcard * is crucial in preventing untrusted domains from interacting with your application's resources.
- Regularly update the list of allowed domains based on business needs and security assessments.
By adhering to these practices, you significantly reduce the risk of a security breach due to an overly permissive cross-domain policy.
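The prevention guidelines above recommend automated checks for overly permissive policies. The following audit script is an added example, not part of the original page: it parses a crossdomain.xml policy and flags the wildcard entry shown in the vulnerable example, subdomain wildcards, entries with secure="false" (an attribute of the policy format that lets plain-HTTP content use a policy served over HTTPS), and over-broad allow-http-request-headers-from entries. The TRUSTED set and the sample policies are constructed for this example.

```python
"""Audit a crossdomain.xml policy for overly permissive entries (CWE-942)."""
import xml.etree.ElementTree as ET

# Domains the policy is expected to trust; constructed for this example.
TRUSTED = {"trusted-domain.com", "another-trusted.com"}


def audit_crossdomain_policy(xml_text, trusted=TRUSTED):
    """Return a list of (severity, message) findings for a policy file."""
    findings = []
    root = ET.fromstring(xml_text)
    if root.tag != "cross-domain-policy":
        return [("error", f"unexpected root element <{root.tag}>")]

    for elem in root.iter("allow-access-from"):
        domain = elem.get("domain", "")
        if domain == "*":
            findings.append(("critical", 'domain="*" grants every origin access'))
        elif domain.startswith("*."):
            findings.append(("high", f'subdomain wildcard "{domain}" trusts every host under it'))
        elif domain not in trusted:
            findings.append(("medium", f'domain "{domain}" is not on the trusted list'))
        # secure="false" lets a policy served over HTTPS be used by plain-HTTP content.
        if elem.get("secure", "true").lower() == "false":
            findings.append(("high", f'secure="false" on "{domain}" allows plain-HTTP callers'))

    for elem in root.iter("allow-http-request-headers-from"):
        domain = elem.get("domain", "")
        headers = elem.get("headers", "")
        if domain == "*" or headers == "*":
            findings.append(("high", f'header policy domain="{domain}" headers="{headers}" is too broad'))
    return findings


def is_permissive(xml_text, trusted=TRUSTED):
    """True if any finding is at least 'high' severity."""
    return any(sev in ("critical", "high") for sev, _ in audit_crossdomain_policy(xml_text, trusted))


# Constructed samples mirroring the vulnerable and fixed policies on this page.
VULNERABLE_POLICY = """<cross-domain-policy>
  <allow-access-from domain="*" />
</cross-domain-policy>"""

FIXED_POLICY = """<cross-domain-policy>
  <allow-access-from domain="trusted-domain.com" />
  <allow-access-from domain="another-trusted.com" />
</cross-domain-policy>"""

if __name__ == "__main__":
    for name, policy in (("vulnerable", VULNERABLE_POLICY), ("fixed", FIXED_POLICY)):
        print(name, audit_crossdomain_policy(policy) or "no findings")
```

Run it against a policy fetched from your own server (for example the /crossdomain.xml path) as part of a CI or periodic review job so that the "regularly review policies" practice above is enforced automatically.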