Origin Validation Error
Draft Class
Structure: Simple
Description
The product does not properly verify that the source of data or communication is valid.
Common Consequences 1
Scope: Access ControlOther
Impact: Gain Privileges or Assume IdentityVaries by Context
An attacker can access any functionality that is inadvertently accessible to the source.
Demonstrative Examples 2
ID : DX-112
This Android application will remove a user account when it receives an intent to do so:Code Example:
Bad
Java
javaThis application does not check the origin of the intent, thus allowing any malicious application to remove a user. Always check the origin of an intent, or create an allowlist of trusted applications using the manifest.xml file.
ID : DX-109
These Android and iOS applications intercept URL loading within a WebView and perform special actions if a particular URL scheme is used, thus allowing the Javascript within the WebView to communicate with the application:Code Example:
Bad
Java
// Android* @Override public boolean shouldOverrideUrlLoading(WebView view, String url){ ``` if (url.substring(0,14).equalsIgnoreCase("examplescheme:")){ if(url.substring(14,25).equalsIgnoreCase("getUserInfo")){ writeDataToView(view, UserData); return false; } else{ return true; } } }
Code Example:
Bad
Objective-C
// iOS* -(BOOL) webView:(UIWebView *)exWebView shouldStartLoadWithRequest:(NSURLRequest *)exRequest navigationType:(UIWebViewNavigationType)exNavigationType { ``` NSURL *URL = [exRequest URL]; if ([[URL scheme] isEqualToString:@"exampleScheme"]) { NSString *functionString = [URL resourceSpecifier]; if ([functionString hasPrefix:@"specialFunction"]) {
objective-cA call into native code can then be initiated by passing parameters within the URL:
Code Example:
Attack
JavaScript
javascriptBecause the application does not check the source, a malicious website loaded within this WebView has the same access to the API as a trusted site.
Observed Examples 10
CVE-2000-1218DNS server can accept DNS updates from hosts that it did not query, leading to cache poisoning
CVE-2018-6074Browser does not set Mark-of-the-Web (MotW) for a downloaded .EXE file if the name is close to the maximum path length, preventing recording of a zone identifier in the filename
CVE-2025-0411Zip file extraction program does not propagate Mark-of-the-Web (MotW) metadata to files that are extracted from an Internet-downloaded Zip file
CVE-2025-46652Zip file extraction program does not propagate Mark-of-the-Web (MotW) metadata to files that are extracted from an Internet-downloaded Zip file
CVE-2005-0877DNS server can accept DNS updates from hosts that it did not query, leading to cache poisoning
CVE-2001-1452DNS server caches glue records received from non-delegated name servers
CVE-2005-2188user ID obtained from untrusted source (URL)
CVE-2003-0174LDAP service does not verify if a particular attribute was set by the LDAP server
CVE-1999-1549product does not sufficiently distinguish external HTML from internal, potentially dangerous HTML, allowing bypass using special strings in the page title. Overlaps special elements.
CVE-2003-0981product records the reverse DNS name of a visitor in the logs, allowing spoofing and resultant XSS.
References 1
A Taxonomy of Security Faults in the UNIX Operating System
Taimur Aslam
01-08-1995
https://cwe.mitre.org/documents/sources/ATaxonomyofSecurityFaultsintheUNIXOperatingSystem%5BAslam95%5D.pdf(2024-11-17)
ID: REF-324
Applicable Platforms
Languages:
Not Language-Specific : Undetermined
Modes of Introduction
Architecture and Design
Implementation
Related Attack Patterns
- 21DEPRECATED: Pathname Traversal and Equivalence Errors
- 59Improper Link Resolution Before File Access ('Link Following')
- 60DEPRECATED: UNIX Path Link Problems
- 75Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
- 76Improper Neutralization of Equivalent Special Elements
- 89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
- 111Direct Use of Unsafe JNI
- 141Improper Neutralization of Parameter/Argument Delimiters
- 142Improper Neutralization of Value Delimiters
- 160Improper Neutralization of Leading Special Elements
- 384Session Fixation
- 385Covert Timing Channel
- 386Symbolic Name not Mapping to Correct Object
- 387Signal Errors
- 3887PK - Errors
- 510Trapdoor
Related Weaknesses
Taxonomy Mapping
- PLOVER
- ISA/IEC 62443
- ISA/IEC 62443
- ISA/IEC 62443
- ISA/IEC 62443
- ISA/IEC 62443
- ISA/IEC 62443
Notes
MaintenanceThis entry has some significant overlap with other CWE entries and may need some clarification. See terminology notes.
TerminologyThe "Origin Validation Error" term was originally used in a 1995 thesis [REF-324]. Although not formally defined, an issue is considered to be an origin validation error if either (1) "an object [accepts] input from an unauthorized subject," or (2) "the system [fails] to properly or completely authenticate a subject." A later section says that an origin validation error can occur when the system (1) "does not properly authenticate a user or process" or (2) "does not properly authenticate the shared data or libraries." The only example provided in the thesis (covered by OSVDB:57615) involves a setuid program running command-line arguments without dropping privileges. So, this definition (and its examples in the thesis) effectively cover other weaknesses such as Improper Authentication (Improper Authentication), Improper Authorization (Improper Authorization), and Execution with Unnecessary Privileges (Execution with Unnecessary Privileges). There appears to be little usage of this term today, except in the SecurityFocus vulnerability database, where the term is used for a variety of issues, including web-browser problems that allow violation of the Same Origin Policy and improper validation of the source of an incoming message.