t oo created RANGER-2361:
----------------------------

             Summary: [security] Login Cross Site Request Forgery (CSRF)        
        
                 Key: RANGER-2361
                 URL: https://issues.apache.org/jira/browse/RANGER-2361
             Project: Ranger
          Issue Type: Bug
          Components: admin, Ranger
    Affects Versions: 1.0.0
            Reporter: t oo


CSRF is an attack which forces an end user to execute unwanted actions on a web 
application in which he/she is currently authenticated. With a little help of 
social engineering (like sending a link via email/chat), an attacker may force 
the users of a web application to execute actions of the attacker's choosing. A 
successful CSRF exploit can compromise end user data and operation in the case of 
a normal user. If the targeted end user is the administrator account, this can 
compromise the entire web application. 
The application's login page was vulnerable to CSRF attack. This means that 
the application's Login page can be triggered externally by an attacker. Other 
users or potential attackers having valid credentials to the application may be 
able to hijack requests to the domain that the victim thought were anonymous or 
were under their own account, but send them to the attacker's account instead.

To demonstrate the issue, an HTML file containing the following code is 
created as a proof-of-concept.

<html>
 <!-- CSRF PoC - generated by Burp Suite Professional -->
 <body>
 <!-- hide the PoC page's real path in the address bar -->
 <script>history.pushState('', '', '/')</script>
 <!-- cross-origin POST to the Spring Security form-login endpoint,
      carrying the attacker's own credentials -->
 <form action="https://domain:6182/j_spring_security_check" method="POST">
 <input type="hidden" name="j&#95;username" value="myuser" />
 <input type="hidden" name="j&#95;password" value="********************************" />
 <input type="submit" value="Submit request" />
 </form>
 </body>
</html>

How the CSRF HTML PoC Works:
 1. Load the above HTML PoC code in the browser. This will show the response 
that Login has been successful as shown in the screenshot below.
 2. Once you get authentication, you can access any link within the 
application and see the page open directly without logging into the 
application.

 
Depending on the nature of the application, a successful exploitation of this 
vulnerability may lead to stealing of private user information which can be 
used by an attacker to perform other exploits or attacks.
 
It is recommended that the application validate where login requests come 
from and not allow the login process to be called from an external source. 
Recommendations also include utilizing anti-Cross Site Request Forgery tokens 
to prevent Cross-Site Request Forgery attacks. 
 
 References: 
 http://www.adambarth.com/papers/2008/barth-jackson-mitchell-b.pdf 
 http://www.ethicalhack3r.co.uk/login-cross-site-request-forgery-csrf/



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
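The recommendation in the report has two parts: check where the login POST comes from, and require an anti-CSRF token that only the real login page can supply. The following is an added example of both checks, written for this page and not taken from the Ranger project or from Spring Security; the allowed origin is the scheme, host and port from the PoC above, the hidden field name "_csrf", the function names and the two request dictionaries are all assumptions constructed for the example. The PoC's request (foreign Origin, no token) is rejected, a request from the real login page is accepted, and a replay of the same form is rejected because the token is single use.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Assumed origin of the Ranger admin UI (scheme, host and port from the PoC above).
ALLOWED_ORIGIN = "https://domain:6182"


def issue_login_token(session):
    """Put a fresh anti-CSRF token in the pre-login session and return it.

    The login page renders the token in a hidden field (assumed name: "_csrf").
    A page on another origin cannot read our session, so it cannot supply it.
    """
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def _request_origin(headers):
    """Return the origin the request came from, or None if it cannot be determined.

    Uses the Origin header, falling back to the scheme://host[:port] part of
    Referer when the browser did not send Origin. An Origin of "null" is
    treated as absent.
    """
    origin = headers.get("Origin")
    if origin and origin != "null":
        return origin.rstrip("/")
    referer = headers.get("Referer")
    if referer:
        parts = urlsplit(referer)
        if parts.scheme and parts.netloc:
            return f"{parts.scheme}://{parts.netloc}"
    return None


def validate_login_request(headers, form, session):
    """Decide whether a POST to the login endpoint may be processed.

    headers: request headers; form: POST fields; session: the (not yet
    authenticated) session that the browser's cookie maps to.
    Returns (accepted, reason).
    """
    # Check 1: the login form may only be submitted from our own origin.
    # Fail closed when neither Origin nor Referer is present.
    origin = _request_origin(headers)
    if origin is None:
        return False, "no Origin or Referer header"
    if origin != ALLOWED_ORIGIN:
        return False, "cross-origin login attempt from " + origin

    # Check 2: the form must echo the token issued to this session. Compare in
    # constant time so the check does not leak the token byte by byte.
    expected = session.get("csrf_token")
    supplied = form.get("_csrf", "")
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "missing or invalid anti-CSRF token"

    # Single use: drop the token so the same form cannot be replayed.
    session.pop("csrf_token", None)
    return True, "ok"


def demo():
    """Run the PoC's request and a legitimate one through the check."""
    session = {}
    token = issue_login_token(session)

    # Constructed request: what the PoC page submits when a victim loads it
    # from the attacker's site. It carries a foreign Origin and no token.
    poc_headers = {"Origin": "https://attacker.example",
                   "Referer": "https://attacker.example/poc.html"}
    poc_form = {"j_username": "myuser", "j_password": "attacker-password"}

    # Constructed request: the same credentials submitted from the real login
    # page, which rendered the session's token into the form.
    good_headers = {"Origin": ALLOWED_ORIGIN}
    good_form = {"j_username": "myuser", "j_password": "attacker-password",
                 "_csrf": token}

    return (validate_login_request(poc_headers, poc_form, session),
            validate_login_request(good_headers, good_form, session))


if __name__ == "__main__":
    for accepted, reason in demo():
        print("accepted" if accepted else "rejected", "-", reason)
```

The token check alone is what stops the PoC, since a page served from the attacker's origin cannot read the victim's session or the token embedded in the real login form; the origin check is defence in depth and also catches a PoC that found some other way to obtain a token. The two practical caveats are that the token must be bound to a session that exists before authentication, so the login page has to create one, and that some clients strip Referer and older ones omit Origin, so failing closed on a missing header is a deliberate availability trade-off. In Spring Security, enabling its built-in CSRF protection applies the same token check to the form-login POST, and the login JSP then has to include the hidden token field.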