General Information

Authentication Bypass via Referer Spoofing

Variants:
Direct 

Also Known As:
Referer Spoofing

Vector Type:
Attack

Relevance:
Generic

Layer:
Application-Level

Platforms:
Any

Target Type:
Web Application

Affected Mechanisms:
Authentication Verification, Secure Design

Invented In:
31/12/2002

Added In:
09/12/2014


Vector Operation Method:
Attackers can spoof the Referer header to bypass the security restrictions of applications that rely on the Referer field for authentication or authorization enforcement.
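
The weakness described above, shown as a Referer-based check beside a check that uses server-side session state. This is an added example, not part of the original entry; the host name, paths, header dictionaries and function names are constructed for illustration.

```python
import secrets
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

TRUSTED_HOST = "app.example.test"  # constructed host name for this example

# Constructed server-side session store: token -> authorization record.
SESSIONS = {}


def create_session(user, is_admin):
    """Issue an unguessable token; the authorization state stays on the server."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = {"user": user, "is_admin": is_admin}
    return token


def weak_admin_check(headers):
    """Weak: grants access when Referer claims the request came from /admin/.

    Referer is an ordinary request header, so the client decides its value.
    """
    parts = urlsplit(headers.get("Referer", ""))
    return parts.hostname == TRUSTED_HOST and parts.path.startswith("/admin/")


def hardened_admin_check(headers):
    """Hardened: decides from the server-side session record, never from Referer."""
    morsel = SimpleCookie(headers.get("Cookie", "")).get("session")
    record = SESSIONS.get(morsel.value) if morsel else None
    return bool(record and record["is_admin"])


def compare(headers):
    """Return (weak_result, hardened_result) for one request's headers."""
    return weak_admin_check(headers), hardened_admin_check(headers)


if __name__ == "__main__":
    user_token = create_session("alice", is_admin=False)
    admin_token = create_session("root", is_admin=True)
    claimed = "https://app.example.test/admin/login"  # constructed Referer value
    print("no session, Referer set:   ", compare({"Referer": claimed}))
    print("user session, Referer set: ",
          compare({"Referer": claimed, "Cookie": f"session={user_token}"}))
    print("admin session, no Referer: ",
          compare({"Cookie": f"session={admin_token}"}))
```

The first two requests pass the Referer-based check without any admin session, while the session-based check admits only the request that carries the admin token.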


Direct Variant:

Authentication Bypass via Referer Spoofing

Also Known As:
Referer Spoofing

Typical Severity:
Major

Learn More: