Insecure Web Storage


Description

The application stores sensitive data in Web Storage. Web Storage is a client-side mechanism, defined in the HTML5 Web Storage specification, for storing name-value pairs. The specification provides an API for storing and retrieving up to 5 MB of data that is never sent to the server and can only be accessed from within the same origin. Data can be stored in localStorage, which survives closing the browser and rebooting the computer, or in sessionStorage, which lasts for the duration of an HTTP session. Sensitive information stored in Web Storage is exposed because attackers can reach the data either through JavaScript running in the same origin or through local access to the computer.

Impact

An attacker with local access to a computer, such as in a shared kiosk scenario, can directly read Web Storage. In the case of localStorage, the window of attack is larger because the data survives browser closing and reboots. In addition, since Web Storage is accessible through JavaScript, an attacker can use an XSS vulnerability to read from or write to Web Storage. If session IDs, credentials, or encryption keys are stored, an attacker could gain access to the application as the user or decrypt sensitive information. If values stored in Web Storage are used for application decisions, an attacker could modify those values to interfere with business logic.
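The Description and Impact above both come down to one point: anything the application writes through the Storage API is readable by any script in the same origin, so the first test step is to enumerate what the application has put there and flag entries that look like session IDs, credentials, or key material. The following audit helper is an added example, not code from the AppSec Findings Database page. In a browser it is called as `auditWebStorage(window.localStorage)` (or `window.sessionStorage`); because Node has no Web Storage, the block also includes a constructed in-memory stand-in that implements the same Storage interface (`length`, `key`, `getItem`, `setItem`), and the key-name and value-shape patterns are heuristics of my own, not something the page specifies.

```javascript
// Added example: audit a Web Storage object for entries that look like the
// sensitive data the finding describes. Not from the original page.

// Key names that commonly hold secrets (constructed heuristic list).
const SENSITIVE_KEY_PATTERN =
  /(token|session|sessid|auth|password|passwd|secret|api[_-]?key|jwt|private)/i;

// Value shapes worth flagging regardless of key name (constructed heuristics).
// A JWT is three base64url segments and starts with "eyJ", the base64url
// encoding of a JSON object's opening '{"'.
const JWT_PATTERN = /^eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*$/;
// 32+ hex characters is the usual shape of a session id or raw key material.
const LONG_HEX_PATTERN = /^[0-9a-f]{32,}$/i;

// Return the list of reasons an entry is suspicious (empty if none).
function classifyEntry(key, value) {
  const reasons = [];
  if (SENSITIVE_KEY_PATTERN.test(key)) reasons.push('key name suggests a secret');
  if (JWT_PATTERN.test(value)) reasons.push('value looks like a JWT');
  if (LONG_HEX_PATTERN.test(value)) reasons.push('value looks like hex session id or key material');
  return reasons;
}

// Walk every entry of a Storage-like object and collect the suspicious ones.
// Works with window.localStorage / window.sessionStorage or the stand-in below.
function auditWebStorage(storage) {
  const findings = [];
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    const value = storage.getItem(key) ?? '';
    const reasons = classifyEntry(key, value);
    if (reasons.length > 0) {
      findings.push({ key, bytes: value.length, reasons });
    }
  }
  return findings;
}

// Constructed stand-in for the browser Storage interface so the example runs
// under Node. Only the methods the audit needs are implemented faithfully.
class MemoryStorage {
  constructor() { this.map = new Map(); }
  get length() { return this.map.size; }
  key(i) { return Array.from(this.map.keys())[i] ?? null; }
  getItem(k) { return this.map.has(k) ? this.map.get(k) : null; }
  setItem(k, v) { this.map.set(k, String(v)); }
  removeItem(k) { this.map.delete(k); }
  clear() { this.map.clear(); }
}

// Constructed sample contents: two harmless entries and two that should be flagged.
function buildSampleStorage() {
  const s = new MemoryStorage();
  s.setItem('theme', 'dark');
  s.setItem('authToken', 'eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ1c2VyMSJ9.c2lnbmF0dXJl'); // constructed JWT-shaped value
  s.setItem('cart', '[{"sku":"A1","qty":2}]');
  s.setItem('lastSeen', '0123456789abcdef0123456789abcdef'); // 32 hex chars, flagged by value shape only
  return s;
}

// Run the audit on the sample storage and print a report.
function runDemo() {
  const findings = auditWebStorage(buildSampleStorage());
  for (const f of findings) {
    console.log(`${f.key} (${f.bytes} bytes): ${f.reasons.join('; ')}`);
  }
  return findings;
}

if (typeof require !== 'undefined' && require.main === module) {
  runDemo();
}
```

The value-shape checks matter because a key named `lastSeen` gives no hint on its own; only the 32-hex-character value marks it as likely session material. Whatever this audit flags is what an XSS payload in the same origin could read, and what a local user of a shared machine could read from the browser's storage database, which is the exposure the Impact section describes.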

Risk Rating

Remediation

How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas

References
