Authentication Bypass via Referer Spoofing
Variants:
Direct
Also Known As:
Referer Spoofing
Vector Type:
Attack
Relevance:
Generic
Layer:
Application-Level
Platforms:
Any
Target Type:
Web Application
Affected Mechanisms:
Authentication Verification, Secure Design
Invented In:
31/12/2002
Added In:
09/12/2014
Vector Operation Method:
Attackers can spoof the referer headers to bypass the security restrictions of applications that rely on the referer field for authentication or authorization enforcement.
