CWE-291: Trusting Self-reported IP Address
Compound Element ID: 291 (Compound Element Variant: Composite)
Status: Incomplete
Description

Description Summary

Using IP addresses for authentication is flawed because malicious users can easily spoof them.

Extended Description

As IP addresses can be easily spoofed, they do not constitute a valid authentication mechanism. Alternate methods should be used if significant authentication is necessary.
Time of Introduction

Common Consequences

| Scope | Effect |
|---|---|
| Access Control, Non-Repudiation | Technical Impact: Hide activities; Gain privileges / assume identity. Malicious users can fake authentication information, impersonating any IP address. |
Likelihood of Exploit

Demonstrative Examples

Example 1

Both of these examples

(Bad Code) Example Languages: C and C++

```c
/* Fragment: sd, serv, cli, clilen, msg, n and getTrustedAddress() are declared elsewhere. */
sd = socket(AF_INET, SOCK_DGRAM, 0);
serv.sin_family = AF_INET;
serv.sin_addr.s_addr = htonl(INADDR_ANY);
serv.sin_port = htons(1008);
bind(sd, (struct sockaddr *) &serv, sizeof(serv));

while (1) {
    memset(msg, 0x0, MAX_MSG);
    clilen = sizeof(cli);
    /* Receive first so that cli holds the datagram's source address. */
    n = recvfrom(sd, msg, MAX_MSG, 0, (struct sockaddr *) &cli, &clilen);
    /* BAD: the source address is supplied by the sender and can be spoofed. */
    if (strcmp(inet_ntoa(cli.sin_addr), getTrustedAddress()) == 0) {
        /* msg is treated as coming from the trusted client */
    }
}
```

(Bad Code) Example Language: Java

```java
while (true) {
    DatagramPacket rp = new DatagramPacket(rData, rData.length);
    outSock.receive(rp);
    String in = new String(rp.getData(), 0, rp.getLength());
    InetAddress clientIPAddress = rp.getAddress();
    int port = rp.getPort();
    // BAD: the source address comes from the packet itself and can be spoofed.
    if (isTrustedAddress(clientIPAddress) && secretKey.equals(in)) {
        out = secret.getBytes();
        DatagramPacket sp = new DatagramPacket(out, out.length, clientIPAddress, port);
        outSock.send(sp);
    }
}
```

This example checks if a request is from a trusted address before responding to a request, but the code only verifies the address as stored in the request packet. An attacker can spoof this address, thus impersonating a trusted client.

Potential Mitigations
Phase: Architecture and Design

Use other means of identity verification that cannot be simply spoofed. Possibilities include a username/password or certificate.
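An added example, not part of the CWE entry: one way to apply this mitigation to a UDP service is to authenticate each datagram with a per-client shared key instead of its source address, and to reject stale or replayed messages. The key table, the message layout (id, timestamp, nonce, body, HMAC-SHA256 tag) and the names `seal`, `verify`, `CLIENT_KEYS` and `seen_nonces` are assumptions made for this example.

```python
import hashlib
import hmac
import os
import struct
import time

# Assumption: per-client keys provisioned out of band (constructed for this example).
CLIENT_KEYS = {b"sensor-01": os.urandom(32)}
MAX_SKEW = 30        # seconds a timestamp may differ from the server clock
TAG_LEN = 32         # HMAC-SHA256 output size
seen_nonces = set()  # (client_id, nonce) pairs already accepted

def seal(client_id, key, body, now=None):
    """Client side: id_len | id | timestamp | nonce | body | tag."""
    ts = int(time.time() if now is None else now)
    msg = bytes([len(client_id)]) + client_id + struct.pack("!Q", ts) + os.urandom(16) + body
    return msg + hmac.new(key, msg, hashlib.sha256).digest()

def verify(datagram, source_addr, now=None):
    """Server side: return (client_id, body), or None if the datagram is rejected.

    source_addr is what recvfrom() reported; it is never used for the decision.
    """
    datagram = bytes(datagram)
    if len(datagram) < 1 + 8 + 16 + TAG_LEN:
        return None
    id_len = datagram[0]
    if len(datagram) < 1 + id_len + 8 + 16 + TAG_LEN:
        return None
    client_id = datagram[1:1 + id_len]
    key = CLIENT_KEYS.get(client_id)
    if key is None:
        return None                      # unknown identity
    msg, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
    expected = hmac.new(key, msg, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None                      # wrong key or modified in transit
    off = 1 + id_len
    (ts,) = struct.unpack("!Q", msg[off:off + 8])
    nonce = msg[off + 8:off + 24]
    now = time.time() if now is None else now
    if abs(now - ts) > MAX_SKEW or (client_id, nonce) in seen_nonces:
        return None                      # stale or replayed
    seen_nonces.add((client_id, nonce))
    return client_id, msg[off + 24:]
```

In a long-running service, entries in `seen_nonces` older than `MAX_SKEW` can be discarded, since the timestamp check already rejects them.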
Weakness Ordinalities

| Ordinality | Description |
|---|---|
| Resultant | (where the weakness is typically related to the presence of some other weaknesses) |
Relationships

Causal Nature

Taxonomy Mappings

| Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
|---|---|---|---|
| CLASP | | | Trusting self-reported IP address |
Content History

Submissions

| Submission Date | Submitter | Organization | Source |
|---|---|---|---|
| | CLASP | | Externally Mined |

Modifications

| Modification Date | Modifier | Organization | Source | |
|---|---|---|---|---|
| 2008-09-08 | CWE Content Team | MITRE | Internal | updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities |
| 2010-02-16 | CWE Content Team | MITRE | Internal | updated Description, Other_Notes |
| 2011-06-01 | CWE Content Team | MITRE | Internal | updated Common_Consequences, Demonstrative_Examples |