Wednesday, December 30, 2015

What is a Confused Deputy Attack?

What is a Confused Deputy Attack?

Let's look at a simple example first to understand what a Confused Deputy Attack is.

Suppose a client sends the names of an input file and an output file to a server. The server compiles the input file and stores the result in the output file. Let's also assume that the client has less privilege than the server.

Now, also assume there is another file, “restricted”, which the server has permission to write but the client does not. If the client sends an arbitrary input file and “restricted” as the output file, the server will compile the input file and write the result to “restricted”, overwriting its previous content. The client had no permission on “restricted”, but the server did, so the server acted as a deputy that was tricked into performing a malicious action on the client's behalf. Problems of this type are called Confused Deputy Attacks.

Are there any real-life examples of Confused Deputy Attacks?

There are a number of examples of Confused Deputy Attacks.

  • Cross-site request forgery is an example of a Confused Deputy Attack. Web applications normally rely on a cookie to authenticate every request the browser transmits. An attacker can take advantage of this and use JavaScript to submit an HTTP request that the browser authenticates automatically, so the request carries the authority of the browser's user rather than the attacker's.
  • Clickjacking is another example of a Confused Deputy Attack. A user visits an attacker-controlled website and thinks he is harmlessly browsing it. In fact, he is tricked into acting as a confused deputy and performs sensitive actions, for example ones that get him infected with malware.
  • The FTP bounce attack is an example of a Confused Deputy Attack. In this attack, an attacker uses the PORT command to make a victim machine's FTP server connect to TCP ports that the attacker himself has no permission to connect to. Here, the FTP server is the confused deputy.

How to prevent a Confused Deputy Attack?

The client can send the input file together with a capability for the output file to the server, where a capability for a file is the name of the file along with the client's own permission on that file. As a result, if the client does not have permission on the output file, it cannot obtain a capability for it, and the server will not overwrite the file.
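To make the compile-server example concrete, here is an added toy model (not code from the original article) of both the vulnerable deputy and the capability-based fix. The in-memory "filesystem", the principals "client" and "server", and the file names are constructed assumptions standing in for real file permissions.

```python
"""Toy model of the compile-server confused deputy and its capability fix."""
from dataclasses import dataclass


@dataclass
class File:
    writers: set          # principals allowed to write this file (constructed ACL)
    content: str = ""


def make_fs():
    """Constructed sample files: the client may write prog.src and out.bin only."""
    return {
        "prog.src": File({"client", "server"}, "main = 1"),
        "out.bin": File({"client", "server"}),
        "restricted": File({"server"}, "server-only data"),
    }


def compile_source(src):
    """Stand-in for the compiler: the output is just a tagged copy of the input."""
    return f"compiled({src})"


def vulnerable_server(fs, input_name, output_name):
    """Confused deputy: opens the client-supplied name with the server's own authority."""
    out = fs[output_name]
    if "server" not in out.writers:           # only the deputy's ambient rights are checked
        raise PermissionError(f"server may not write {output_name}")
    out.content = compile_source(fs[input_name].content)
    return output_name


@dataclass(frozen=True)
class WriteCapability:
    """Designates one writable file; minted only by a principal allowed to write it."""
    path: str


def open_for_write(fs, principal, path):
    """Runs in the caller's context: a client cannot mint a capability it lacks rights for."""
    if principal not in fs[path].writers:
        raise PermissionError(f"{principal} may not write {path}")
    return WriteCapability(path)


def hardened_server(fs, input_name, cap):
    """Writes only through the client's capability; the server's own authority is never used."""
    fs[cap.path].content = compile_source(fs[input_name].content)
    return cap.path
```

With the vulnerable server, a request naming "restricted" as output clobbers it; with the hardened server the client cannot even obtain a write capability for "restricted", so the attack fails before the server is involved.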

In the example of Cross-site request forgery, a URL supplied cross-site would carry its own authority, irrespective of the authority of the browser's user.

This was an informative article on the Confused Deputy Attack. Hope you liked it.
