CWE-829: Inclusion of Functionality from Untrusted Control Sphere

Causes

• This login webpage includes a weather widget from an external website: This webpage is now only as secure as the external domain it is including functionality from. If an attacker compromised the external domain and could add malicious scripts to the weatherwidget.js file, the attacker would have complete control, as seen in any XSS weakness (CWE-79).,For example, user login information could easily be stolen with a single line added to weatherwidget.js:,This line of javascript changes the login form's original action target from the original website to an attack site. As a result, if a user attempts to login their username and password will be sent directly to the attack site.

Remediation

• Architecture and Design: Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid [REF-1482].
• Architecture and Design: [object Object]
• Architecture and Design: For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
• Architecture and Design,Operation: [object Object]
• Architecture and Design,Operation: Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
• Implementation: [object Object]
• Architecture and Design,Implementation: [object Object]
• Operation: Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth [REF-1481].

Detection

• Automated Static Analysis - Binary or Bytecode: [object Object]
• Manual Static Analysis - Binary or Bytecode: [object Object]
• Dynamic Analysis with Manual Results Interpretation: [object Object]
• Manual Static Analysis - Source Code: [object Object]
• Automated Static Analysis - Source Code: [object Object]
• Architecture or Design Review: [object Object]

Related CWEs

• CWE-827: Improper Control of Document Type Definition
• CWE-669: Incorrect Resource Transfer Between Spheres
• CWE-669: Incorrect Resource Transfer Between Spheres
• CWE-830: Inclusion of Web Functionality from an Untrusted Source
• CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Related CVEs

Related CVE mappings appear after CVE records are cross-indexed.

ATT&CK Relevance

ATT&CK relevance is shown only when reviewed or responsibly inferred.