1. Home
  2. CWE Database
  3. CWE-565
Base · Medium

CWE-565: Reliance on Cookies without Validation and Integrity Checking

The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.

CWE-565 · Base Level ·1 CVEs ·4 Mitigations

Description

The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.

Potential Impact

Confidentiality, Integrity, Availability

Modify Application Data, Execute Unauthorized Code or Commands

Access Control

Gain Privileges or Assume Identity

Demonstrative Examples

The following code excerpt reads a value from a browser cookie to determine the role of the user.
Bad
Cookie[] cookies = request.getCookies();for (int i =0; i< cookies.length; i++) {Cookie c = cookies[i];if (c.getName().equals("role")) {userRole = c.getValue();}}
It is easy for an attacker to modify the "role" value found in the locally stored cookie, allowing privilege escalation.

Mitigations & Prevention

Architecture and Design

Avoid using cookie data for a security-related decision.

Implementation

Perform thorough input validation (i.e.: server side validation) on the cookie data if you're going to use it for a security related decision.

Architecture and Design

Add integrity checks to detect tampering.

Architecture and Design

Protect critical cookies from replay attacks, since cross-site scripting or other attacks may allow attackers to steal a strongly-encrypted cookie that also passes integrity checks. This mitigation applies to cookies that should only be valid during a single transaction or session. By enforcing timeouts, you may limit the scope of an attack. As part of your integrity check, use an unpredictable, server-side value that is not exposed to the client.

Detection Methods

  • Automated Static Analysis High — Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then sea

Real-World CVE Examples

CVE IDDescription
CVE-2008-5784e-dating application allows admin privileges by setting the admin cookie to 1.

CWE-642: External Control of Critical State Data

The product stores security-critical state information about its users, or the product itself, in a location that is acc...

CWE-669: Incorrect Resource Transfer Between Spheres

The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior ...

CWE-602: Client-Side Enforcement of Server-Side Security

The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the s...

Taxonomy Mappings

  • Software Fault Patterns: SFP29 — Faulty endpoint authentication

Frequently Asked Questions

What is CWE-565?

CWE-565 (Reliance on Cookies without Validation and Integrity Checking) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.

How can CWE-565 be exploited?

Attackers can exploit CWE-565 (Reliance on Cookies without Validation and Integrity Checking) to modify application data, execute unauthorized code or commands. This weakness is typically introduced during the Architecture and Design, Implementation phase of software development.

How do I prevent CWE-565?

Key mitigations include: Avoid using cookie data for a security-related decision.

What is the severity of CWE-565?

CWE-565 is classified as a Base-level weakness (Medium abstraction). It has been observed in 1 real-world CVEs.