CWE-293 - Using Referer Field for Authentication

Abstraction:Variant
Structure:Simple
Status:Draft

Release Date:2006-07-19
Latest Modification Date:2023-06-29

Weakness Name

Using Referer Field for Authentication

Description

The referer field in HTTP requests can be easily modified and, as such, is not a valid means of message integrity checking.

Common Consequences

Scope: Access Control

Impact: Gain Privileges or Assume Identity

Notes: Actions, which may not be authorized otherwise, can be carried out as if they were validated by the server referred to.

Related Weaknesses