CWE-942

Permissive Cross-domain Security Policy with Untrusted Domains

The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate.

Mitigation

Phases: Architecture and Design, Operation

Strategy: Attack Surface Reduction

Description:

  • Define a restrictive Content Security Policy [REF-1486] or cross-domain policy file that names only the origins the web client must load from or communicate with.

Mitigation

Phases: Architecture and Design, Operation

Strategy: Attack Surface Reduction

Description:

  • Avoid using wildcards in the CSP / cross-domain policy file. Any domain matching the wildcard expression is implicitly trusted and can perform two-way interaction with the target server. In a CSP, a scheme-only source such as https: or a host pattern such as *.example.com is a wildcard in this sense; in crossdomain.xml, so is domain="*".
Mitigation

Phases: Architecture and Design, Operation

Strategy: Environment Hardening

Description:

  • For Flash, modify crossdomain.xml to use meta-policy options such as 'master-only' or 'none' (the permitted-cross-domain-policies attribute of the site-control element) to reduce the possibility of an attacker planting extraneous cross-domain policy files on a server.
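
The three mitigations above amount to a policy audit: reject wildcards, reject origins outside a known allow-list, and require a locked-down meta-policy. The following Python script is an added example, not part of the CWE entry, that applies those checks to a Content-Security-Policy header and to a Flash crossdomain.xml. The allow-list TRUSTED_HOSTS and the sample policies (weak beside hardened) are constructed for the example.

```python
"""Audit a CSP header and a Flash crossdomain.xml for the CWE-942 patterns
listed above: wildcard sources, origins outside an allow-list, and a missing
or permissive meta-policy. Sample inputs are constructed, not from the CWE entry."""
import re
import xml.etree.ElementTree as ET

# Hypothetical allow-list of hosts the application legitimately loads from or
# talks to (assumption; replace with your own inventory).
TRUSTED_HOSTS = {"cdn.example.com", "api.example.com"}

# Directives that control where the page may fetch from or connect to. A
# wildcard or untrusted host in any of these is the CWE-942 condition.
FETCH_DIRECTIVES = {"default-src", "script-src", "connect-src", "frame-src",
                    "object-src", "img-src", "style-src", "font-src", "media-src"}

SCHEME_ONLY = re.compile(r"[a-z][a-z0-9+.-]*:")   # e.g. "https:" or "data:"


def _host(src):
    # "https://cdn.example.com" and "cdn.example.com" name the same host.
    return src.split("://", 1)[-1].rstrip("/").lower()


def parse_csp(header):
    """Return {directive: [source, ...]} for a Content-Security-Policy value."""
    policy = {}
    for directive in header.split(";"):
        parts = directive.split()
        if parts:
            policy[parts[0].lower()] = parts[1:]
    return policy


def audit_csp(header, trusted=TRUSTED_HOSTS):
    """List the sources in fetch directives that widen trust beyond the allow-list."""
    findings = []
    for name, sources in parse_csp(header).items():
        if name not in FETCH_DIRECTIVES:
            continue
        for src in sources:
            if src.startswith("'"):            # 'self', 'none', 'nonce-...', 'sha256-...'
                continue
            if src == "*" or SCHEME_ONLY.fullmatch(src):
                findings.append(f"{name}: wildcard source {src!r}")   # any host at all
            elif "*" in src:
                findings.append(f"{name}: wildcard host {src!r}")     # e.g. *.example.com
            elif _host(src) not in trusted:
                findings.append(f"{name}: untrusted origin {src!r}")
    return findings


def audit_crossdomain(xml_text, trusted=TRUSTED_HOSTS):
    """Check a Flash crossdomain.xml for the meta-policy and wildcard domains."""
    findings = []
    root = ET.fromstring(xml_text)
    site_control = root.find("site-control")
    meta = None if site_control is None else site_control.get("permitted-cross-domain-policies")
    if meta not in ("master-only", "none"):
        findings.append(f"site-control: permitted-cross-domain-policies={meta!r}, "
                        "expected 'master-only' or 'none'")
    for rule in root.findall("allow-access-from"):
        domain = rule.get("domain", "")
        if "*" in domain:
            findings.append(f"allow-access-from: wildcard domain {domain!r}")
        elif domain.lower() not in trusted:
            findings.append(f"allow-access-from: untrusted domain {domain!r}")
    return findings


# Constructed samples: the weak policies beside their hardened counterparts.
WEAK_CSP = ("default-src 'self'; "
            "script-src 'self' https://cdn.example.com https://*.partner-ads.invalid; "
            "connect-src *")
HARDENED_CSP = ("default-src 'none'; script-src 'self' https://cdn.example.com; "
                "connect-src 'self' https://api.example.com; img-src 'self'; "
                "style-src 'self'; frame-ancestors 'none'")

WEAK_XDOMAIN = """<cross-domain-policy>
  <allow-access-from domain="*"/>
  <allow-access-from domain="*.partner-ads.invalid"/>
</cross-domain-policy>"""
HARDENED_XDOMAIN = """<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="cdn.example.com"/>
</cross-domain-policy>"""

if __name__ == "__main__":
    for label, result in [("weak CSP", audit_csp(WEAK_CSP)),
                          ("hardened CSP", audit_csp(HARDENED_CSP)),
                          ("weak crossdomain.xml", audit_crossdomain(WEAK_XDOMAIN)),
                          ("hardened crossdomain.xml", audit_crossdomain(HARDENED_XDOMAIN))]:
        print(f"{label}: {result or 'no findings'}")
```

The CSP check deliberately treats a scheme-only source (https:, data:) the same as a bare *, since either admits every host; the crossdomain.xml check reports a missing site-control element as a finding because, without a meta-policy, a planted policy file elsewhere on the host would be honoured.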

No CAPEC attack patterns related to this CWE.
