CWE-1007

Insufficient Visual Distinction of Homoglyphs Presented to User

AI Translation Available

The product displays information or identifiers to a user, but the display mechanism does not make it easy for the user to distinguish between visually similar or identical glyphs (homoglyphs), which may cause the user to misinterpret a glyph and perform an unintended, insecure action.

Status

incomplete

Abstraction

base

Likelihood

medium

Affected Platforms

Web Based

Extended Description

AI Translation

Some glyphs, pictures, or icons can be semantically distinct to a program, while appearing very similar or identical to a human user. These are referred to as homoglyphs. For example, the lowercase 'l' (ell) and uppercase 'I' (eye) have different character codes, but these characters can be displayed in exactly the same way to a user, depending on the font. This can also occur between different character sets. For example, the Latin capital letter 'A' and the Greek capital letter 'Α' (Alpha) are treated as distinct by programs, but may be displayed in exactly the same way to a user. Accent marks may also cause letters to appear very similar, such as the Latin capital letter grave mark 'À' and its equivalent 'Á' with the acute accent.

Adversaries can exploit this visual similarity for attacks such as phishing, e.g. by providing a link to an attacker-controlled hostname that looks like a hostname that the victim trusts. In a different use of homoglyphs, an adversary may create a back door username that is visually similar to the username of a regular user, which then makes it more difficult for a system administrator to detect the malicious username while reviewing logs.

Technical Details

AI Translation

Common Consequences

integrity confidentiality

Impacts

other

Detection Methods

manual dynamic analysis

Potential Mitigations

Phases:

implementation

Descriptions:

• Use a browser that displays Punycode for IDNs in the URL and status bars, or which color code various scripts in URLs. Due to the prominence of homoglyph attacks, several browsers now help safeguard against this attack via the use of Punycode. For example, Mozilla Firefox and Google Chrome will display IDNs as Punycode if top-level domains do not restrict which characters can be used in domain names or if labels mix scripts for different languages.

• Use an email client that has strict filters and prevents messages that mix character sets to end up in a user's inbox. Certain email clients such as Google's GMail prevent the use of non-Latin characters in email addresses or in links contained within emails. This helps prevent homoglyph attacks by flagging these emails and redirecting them to a user's spam folder.

AI Generated Translation

Common Consequences

integrità riservatezza

Impacts

altro

Detection Methods

analisi dinamica manuale

Potential Mitigations

Phases:

implementazione

Descriptions:

• Utilizza un browser che visualizzi Punycode per gli IDN nella URL e nelle barre di stato, o che codifichi a colori vari script nelle URL. A causa della diffusione degli attacchi di homoglyph, diversi browser ora aiutano a proteggersi da questo tipo di attacco tramite l'uso di Punycode. Ad esempio, Mozilla Firefox e Google Chrome visualizzeranno gli IDN come Punycode se i domini di primo livello non limitano i caratteri che possono essere utilizzati nei nomi di dominio o se le etichette mescolano script per lingue diverse.

• Utilizza un client di posta elettronica dotato di filtri rigorosi che impediscono ai messaggi che mescolano set di caratteri di finire nella casella di posta in arrivo di un utente. Alcuni client di posta elettronica, come GMail di Google, impediscono l'uso di caratteri non latini negli indirizzi email o nei link contenuti nelle email. Questo aiuta a prevenire attacchi di homoglyph, segnalando queste email e reindirizzandole nella cartella spam dell'utente.

CWE-1007

Common Consequences

Impacts

Detection Methods

Potential Mitigations

Common Consequences

Impacts

Detection Methods

Potential Mitigations

Iscriviti alla newsletter