CWE-1385

Missing Origin Validation in WebSockets

AI Translation Available

The product uses a WebSocket, but it does not properly verify that the source of data or communication is valid.

Status

incomplete

Abstraction

variant

Affected Platforms

Web Based Web Server

Extended Description

AI Translation

WebSockets provide a bi-directional low latency communication (near real-time) between a client and a server. WebSockets are different than HTTP in that the connections are long-lived, as the channel will remain open until the client or the server is ready to send the message, whereas in HTTP, once the response occurs (which typically happens immediately), the transaction completes.

A WebSocket can leverage the existing HTTP protocol over ports 80 and 443, but it is not limited to HTTP. WebSockets can make cross-origin requests that are not restricted by browser-based protection mechanisms such as the Same Origin Policy (SOP) or Cross-Origin Resource Sharing (CORS). Without explicit origin validation, this makes CSRF attacks more powerful.

Technical Details

AI Translation

Common Consequences

confidentiality integrity availability non-repudiation access control

Impacts

varies by context gain privileges or assume identity bypass protection mechanism read application data modify application data dos: crash, exit, or restart

Potential Mitigations

Phases:

implementation architecture and design

Descriptions:

• Use a randomized CSRF token to verify requests.

• Require user authentication prior to the WebSocket connection being established. For example, the WS library in Node has a 'verifyClient' function.

• Use a library that provides restriction of the payload size. For example, WS library for Node includes 'maxPayloadoption' that can be set.

• Enable CORS-like access restrictions by verifying the 'Origin' header during the WebSocket handshake.

• Use TLS to securely communicate using 'wss' (WebSocket Secure) instead of 'ws'.

• Leverage rate limiting to prevent against DoS. Use of the leaky bucket algorithm can help with this.

• Treat data/input as untrusted in both directions and apply the same data/input sanitization as XSS, SQLi, etc.

AI Generated Translation

Common Consequences

riservatezza integrità disponibilità non-ripudio controllo degli accessi

Impacts

varia dal contesto ottenere privilegi o assumere identità elusione del meccanismo di protezione leggere dati applicazione modificare dati applicazione dos: crash, uscita o riavvio

Potential Mitigations

Phases:

implementazione architettura e design

Descriptions:

• Utilizzare un token CSRF casuale per verificare le richieste.

• Richiedere l'autenticazione dell'utente prima che venga stabilita la connessione WebSocket. Ad esempio, la libreria WS in Node.js dispone di una funzione 'verifyClient'.

• Utilizza una libreria che consenta di limitare la dimensione del payload. Ad esempio, la libreria WS per Node include l'opzione 'maxPayload' che può essere configurata.

• Abilita restrizioni di accesso simili a CORS verificando l'intestazione 'Origin' durante la handshake del WebSocket.

• Utilizza TLS per comunicare in modo sicuro usando 'wss' (WebSocket Secure) anziché 'ws'.

• Sfrutta il rate limiting per prevenire attacchi DoS. L'uso dell'algoritmo del leaky bucket può essere utile a questo scopo.

• Tratta i dati/input come non affidabili in entrambe le direzioni e applica la stessa sanitizzazione dei dati/input utilizzata per XSS, SQLi, ecc.

CWE-1385

Common Consequences

Impacts

Potential Mitigations

Common Consequences

Impacts

Potential Mitigations

Iscriviti alla newsletter