CWE-784
Reliance on Cookies without Validation and Integrity Checking in a Security Decision
The product uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associated user.
CVE-2020-8184 (GCVE-0-2020-8184)
Vulnerability from cvelistv5
Published: 2020-06-19 00:00
Modified: 2024-08-04 09:56
CWE
- CWE-784 - Reliance on Cookies without Validation and Integrity Checking in a Security Decision
Summary
A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it possible for an attacker to forge a secure or host-only cookie prefix.
Impacted products
Vendor | Product | Version
---|---|---
n/a | https://github.com/rack/rack | rack >= 2.2.3, rack >= 2.1.4
CVE-2022-3083 (GCVE-0-2022-3083)
Vulnerability from cvelistv5
Published: 2023-02-01 20:51
Modified: 2025-01-16 21:58
CWE
- CWE-784 - Reliance on Cookies Without Validation and Integrity
Summary
All versions of Landis+Gyr E850 (ZMQ200) are vulnerable to CWE-784: Reliance on Cookies Without Validation and Integrity. The device's web application navigation depends on the value of the session cookie. The web application could become inaccessible for the user if an attacker changes the cookie values.
Impacted products
Vendor | Product | Version
---|---|---
Landis+Gyr | E850 (ZMQ200) | All
CVE-2023-3050 (GCVE-0-2023-3050)
Vulnerability from cvelistv5
Published: 2023-06-13 11:50
Modified: 2025-01-03 14:44
CWE
- CWE-784 - Reliance on Cookies without Validation and Integrity Checking in a Security Decision
Summary
Reliance on Cookies without Validation and Integrity Checking in a Security Decision vulnerability in TMT Lockcell allows Privilege Abuse, Authentication Bypass. This issue affects Lockcell: before 15.
CVE-2024-9820 (GCVE-0-2024-9820)
Vulnerability from cvelistv5
Published: 2024-10-15 02:03
Modified: 2024-10-15 13:41
CWE
- CWE-784 - Reliance on Cookies without Validation and Integrity Checking in a Security Decision
Summary
The WP 2FA with Telegram plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 3.0. This is due to the two-factor code being stored in a cookie, which makes it possible to bypass two-factor authentication.
Impacted products
Vendor | Product | Version
---|---|---
dueclic | WP 2FA with Telegram | * ≤ 3.0
Mitigation
Phase: Architecture and Design
Description:
- Avoid using cookie data for a security-related decision.
Mitigation
Phase: Implementation
Description:
- Perform thorough input validation (i.e., server-side validation) on the cookie data if you're going to use it for a security-related decision.
Mitigation
Phase: Architecture and Design
Description:
- Add integrity checks to detect tampering.
Mitigation
Phase: Architecture and Design
Description:
- Protect critical cookies from replay attacks, since cross-site scripting or other attacks may allow attackers to steal a strongly-encrypted cookie that also passes integrity checks. This mitigation applies to cookies that should only be valid during a single transaction or session. By enforcing timeouts, you may limit the scope of an attack. As part of your integrity check, use an unpredictable, server-side value that is not exposed to the client.
No CAPEC attack patterns related to this CWE.