Posted to dev@ranger.apache.org by "t oo (JIRA)" <ji...@apache.org> on 2019/03/13 13:45:00 UTC

[jira] [Created] (RANGER-2361) [security] Login Cross Site Request Forgery (CSRF)

t oo created RANGER-2361:
----------------------------

             Summary: [security] Login Cross Site Request Forgery (CSRF)
                 Key: RANGER-2361
                 URL: https://issues.apache.org/jira/browse/RANGER-2361
             Project: Ranger
          Issue Type: Bug
          Components: admin, Ranger
    Affects Versions: 1.0.0
            Reporter: t oo


CSRF is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated. With a little help from social engineering (like sending a link via email/chat), an attacker may force the users of a web application to execute actions of the attacker's choosing. A successful CSRF exploit can compromise end user data and operations in the case of a normal user. If the targeted end user is the administrator account, this can compromise the entire web application.
The application's login page was vulnerable to a CSRF attack. This means that the application's login page can be triggered externally by an attacker. Other users or potential attackers having valid credentials to the application may be able to hijack requests to the domain that the victim thought were anonymous or were under their own account, sending them to the attacker's account instead.

To demonstrate the issue, an HTML file with the following code was created as a proof-of-concept.

<html>
 <!-- CSRF PoC - generated by Burp Suite Professional -->
 <body>
 <!-- Rewrite the visible URL so the attacker's page path does not show -->
 <script>history.pushState('', '', '/')</script>
 <!-- Cross-site POST to the Spring Security form-login endpoint -->
 <form action="https://domain:6182/j_spring_security_check" method="POST">
 <!-- &#95; is an HTML-encoded underscore: the fields are j_username and j_password -->
 <input type="hidden" name="j&#95;username" value="myuser" />
 <input type="hidden" name="j&#95;password" value="********************************" />
 <input type="submit" value="Submit request" />
 </form>
 </body>
</html>

How the CSRF HTML PoC works:
 1. Load the above HTML PoC code in the browser. This will show the response that login has been successful, as shown in the screenshot below.
 2. Once you are authenticated, you can access any link within the application, and the page opens directly without logging into the application.

Depending on the nature of the application, a successful exploitation of this vulnerability may lead to the theft of private user information, which an attacker can use to perform other exploits or attacks.

It is recommended that the application validate where login requests come from and not allow the login process to be called from an external source. Recommendations also include utilizing anti-Cross-Site Request Forgery tokens to prevent Cross-Site Request Forgery attacks.

References:
 www.adambarth.com/papers/2008/barth-jackson-mitchell-b.pdf
 http://www.ethicalhack3r.co.uk/login-cross-site-request-forgery-csrf/



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
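The two recommendations in the report (validate where the login request comes from, and require an anti-CSRF token) are shown below as an added example in Python; this is not Ranger's code and not Spring Security's CsrfFilter, but a standalone model of the same checks applied to a POST like the one the PoC produces. The origin `https://domain:6182`, the cookie name `PRELOGINSESSION`, the form field `_csrf` and all request samples are constructed for the example. The token is bound to a pre-login session cookie, which is the fix the Barth, Jackson and Mitchell paper in the references gives for login CSRF: a token tied only to an authenticated session does not exist yet at login time.

```python
# Added example (not Ranger's code): server-side checks that stop a
# login-CSRF post like the PoC above. Two defences from the Barth,
# Jackson and Mitchell paper in the references: (1) the request's Origin
# (or, failing that, Referer) must be the site's own origin; (2) the login
# form must carry a token bound to a pre-login session cookie, which a
# cross-site page cannot read and therefore cannot include.
import hashlib
import hmac
import os
import secrets
from urllib.parse import urlsplit

# Hypothetical Ranger Admin origin, taken from the PoC's form action.
ALLOWED_ORIGINS = {"https://domain:6182"}
# Per-process key for deriving tokens; a real deployment would use a
# persisted, rotated key so tokens survive restarts and work across nodes.
SERVER_SECRET = os.urandom(32)


def new_pre_login_session() -> str:
    """Session id issued when the anonymous user GETs the login page."""
    return secrets.token_urlsafe(32)


def csrf_token_for(session_id: str) -> str:
    """Token embedded in the login form; bound to the pre-login session."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def origin_allowed(headers: dict) -> bool:
    """Accept only requests whose Origin (or Referer) is our own site.
    Requests carrying neither header are rejected: browsers send Origin
    on cross-site form POSTs, so a missing header is no reason to trust."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin in ALLOWED_ORIGINS


def check_login_request(headers: dict, cookies: dict, form: dict):
    """Return (accepted, reason) for a POST to the login endpoint."""
    if not origin_allowed(headers):
        return False, "origin-mismatch"
    session_id = cookies.get("PRELOGINSESSION")
    token = form.get("_csrf")
    if not session_id or not token:
        return False, "missing-token"
    if not hmac.compare_digest(token, csrf_token_for(session_id)):
        return False, "bad-token"
    return True, "ok"


def legitimate_login():
    """Constructed request: the victim submits the site's own login page."""
    sid = new_pre_login_session()
    headers = {"Origin": "https://domain:6182",
               "Referer": "https://domain:6182/login.jsp"}
    cookies = {"PRELOGINSESSION": sid}
    form = {"j_username": "myuser", "j_password": "secret",
            "_csrf": csrf_token_for(sid)}
    return check_login_request(headers, cookies, form)


def poc_login():
    """Constructed request as the Burp PoC above would produce it: the
    browser sends the attacker page's origin and forwards the victim's
    cookie, but the form carries no token because the attacker's page
    cannot read the token from the victim's login page."""
    sid = new_pre_login_session()
    headers = {"Origin": "https://attacker.example",
               "Referer": "https://attacker.example/"}
    cookies = {"PRELOGINSESSION": sid}
    form = {"j_username": "myuser", "j_password": "attackerpassword"}
    return check_login_request(headers, cookies, form)


def forged_token_login():
    """Exercises the second check on its own: a same-origin request whose
    token is not the one bound to the presented session is refused."""
    sid = new_pre_login_session()
    headers = {"Origin": "https://domain:6182"}
    cookies = {"PRELOGINSESSION": sid}
    form = {"j_username": "myuser", "j_password": "attackerpassword",
            "_csrf": "0" * 64}
    return check_login_request(headers, cookies, form)


if __name__ == "__main__":
    print("legitimate:", legitimate_login())
    print("Burp PoC:  ", poc_login())
    print("forged tok:", forged_token_login())
```

The origin check alone would already stop the PoC, since the browser stamps `Origin: https://attacker.example` on the cross-site POST and `history.pushState` cannot change that; the token check covers clients that strip the header and any later change to the allow-list. A legitimate GET of the login page must set the pre-login cookie and embed `csrf_token_for(session_id)` in the form, and the session id should be rotated after a successful login so the pre-login value is not carried into the authenticated session.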