CWE-293 - Using Referer Field for Authentication
CWE-293 High
- Abstraction:
- Variant
- Structure:
- Simple
- Status:
- Draft
- Weakness Name
Using Referer Field for Authentication
- Description
The referer field in HTTP requests can be easily modified and, as such, is not a valid means of message integrity checking.
- Common Consequences
Scope: Access Control
Impact: Gain Privileges or Assume Identity
Notes: Actions, which may not be authorized otherwise, can be carried out as if they were validated by the server referred to.
- Related Weaknesses
- Release Date:
- 2006-07-19
- Latest Modification Date:
- 2023-06-29
Free security scan for your website