Cross-Site Request Forgery

medium Web App Scanning Plugin ID 98112

Synopsis

Cross-Site Request Forgery

Description

Cross-Site Request Forgery (CSRF) occurs when an authenticated user is tricked into clicking a link that automatically submits a request without the user's consent.

This is possible when the request does not include an anti-CSRF token: an unpredictable value generated each time the form is rendered, passed back when the request is submitted, and used by the web application backend to verify that the request originates from a legitimate user.

Exploiting a request vulnerable to Cross-Site Request Forgery requires several conditions to hold:

- The request must perform a sensitive action.

- The victim must have an active session.

- The attacker must make the victim click on a link to send the request without their consent.

The scanner detected a request, available only to authenticated users, in which all parameters are known or predictable. The request may therefore be vulnerable to CSRF attacks.

Manual verification may be required to check whether the submission performs a sensitive action, such as resetting a password, modifying a user profile, or posting content on a forum.

Solution

Update the application by adding support for anti-CSRF tokens in every sensitive form available in an authenticated session.
Most web frameworks either provide built-in protection or have plugins that add these tokens to any form with little effort. Check the references for the solutions provided by the most widely used frameworks.
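The following added example (not part of the plugin text, and not any framework's own implementation) shows the mechanism the Description and Solution refer to: a form handler whose parameters are all predictable beside the same handler guarded by a session-bound anti-CSRF token. The signing key, the in-memory user store and the session identifiers are constructed for the example.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Constructed server-side signing key (assumption: a real deployment loads it
# from configuration rather than generating it at import time).
SECRET_KEY = secrets.token_bytes(32)

# Constructed in-memory user store standing in for the application's database.
USERS: Dict[str, Dict[str, str]] = {"victim-session": {"email": "alice@example.invalid"}}


def issue_csrf_token(session_id: str) -> str:
    """Mint a token bound to this session; the rendered form carries it in a hidden field.
    The nonce makes every render unique; the HMAC ties the token to the session so a
    token obtained for another session cannot be replayed. (Stateless tokens like this
    one do not expire; frameworks usually add storage or an expiry on top.)"""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SECRET_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id: str, token: Optional[str]) -> bool:
    """Recompute the MAC for the presenting session and compare in constant time."""
    if not token or "." not in token:
        return False
    nonce, mac = token.split(".", 1)
    expected = hmac.new(SECRET_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def change_email_unprotected(session_id: str, form: Dict[str, str]) -> Tuple[int, str]:
    """Vulnerable handler: only the session cookie is checked, and every form parameter
    is predictable, so a cross-site POST sent by the victim's browser is accepted."""
    if session_id not in USERS:
        return 401, "not authenticated"
    USERS[session_id]["email"] = form["email"]
    return 200, "email updated"


def change_email_protected(session_id: str, form: Dict[str, str]) -> Tuple[int, str]:
    """Hardened handler: the request must carry a token minted for the same session."""
    if session_id not in USERS:
        return 401, "not authenticated"
    if not verify_csrf_token(session_id, form.get("csrf_token")):
        return 403, "missing or invalid CSRF token"
    USERS[session_id]["email"] = form["email"]
    return 200, "email updated"
```

The scanner's finding corresponds to the unprotected handler: with no unpredictable parameter, a request forged by a third party is indistinguishable from one the user intended.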

See Also

http://en.wikipedia.org/wiki/Cross-site_request_forgery

http://www.cgisecurity.com/csrf-faq.html

https://codex.wordpress.org/WordPress_Nonces

https://docs.djangoproject.com/en/1.11/ref/csrf/

https://docs.joomla.org/How_to_add_CSRF_anti-spoofing_to_forms

https://symfony.com/doc/current/form/csrf_protection.html

https://www.drupal.org/docs/7/security/writing-secure-code/create-forms-in-a-safe-way-to-avoid-cross-site-request-forgeries

https://www.nccgroup.trust/globalassets/our-research/us/whitepapers/csrf_paper.pdf

https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)

https://www.owasp.org/index.php/Testing_for_CSRF_(OTG-SESS-005)

Plugin Details

Severity: Medium

ID: 98112

Type: remote

Published: 3/31/2017

Updated: 1/19/2024

Scan Template: full, pci, scan

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Medium

Base Score: 6.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CVSS Score Source: Tenable

Reference Information