Improper Error Handling Security
Improper handling of errors can introduce a variety of security problems for a web site. The most common problem is when detailed internal error messages such as stack traces, database dumps, and error codes are displayed to the user (hacker). These messages reveal implementation details that should never be revealed. Such details can provide hackers important clues on potential flaws in the site and such messages are also disturbing to normal users.

Web applications frequently generate error conditions during normal operation. Out of memory, null pointer exceptions, system call failure, database unavailable, network timeout, and hundreds of other common conditions can cause errors to be generated. These errors must be handled according to a well thought out scheme that will provide a meaningful error message to the user, diagnostic information to the site maintainers, and no useful information to an attacker.

Even when error messages don’t provide a lot of detail, inconsistencies in such messages can still reveal important clues on how a site works, and what information is present under the covers. For example, when a user tries to access a file that does not exist, the error message typically indicates, “file not found”. When accessing a file that the user is not authorized for, it indicates, “access denied”. The user is not supposed to know the file even exists, but such inconsistencies will readily reveal the presence or absence of inaccessible files or the site’s directory structure.

One common security problem caused by improper error handling is the fail-open security check. All security mechanisms should deny access until specifically granted, not grant access until denied, which is a common reason why fail open errors occur. Other errors can cause the system to crash or consume significant resources, effectively denying or reducing service to legitimate users.

Good error handling mechanisms should be able to handle any feasible set of inputs, while enforcing proper security. Simple error messages should be produced and logged so that their cause, whether an error in the site or a hacking attempt, can be reviewed. Error handling should not focus solely on input provided by the user, but should also include any errors that can be generated by internal components such as system calls, database queries, or any other internal functions.

Environments Affected
All web servers, application servers, and web application environments are susceptible to error handling problems.

Examples and References
OWASP Testing Gui
workings, or violate privacy through a variety of application problems. Applications can also leak internal state via how long they take to process certain operations or via different responses to differing inputs, such as displaying the same error text with different error numbers. Web applications will often leak information about their internal state through detailed or debug error messages. Often, this information can be leveraged to launch or even automate more powerful attacks.

https://www.owasp.org/index.php/Improper_Error_Handling
https://www.owasp.org/index.php/Top_10_2007-Information_Leakage_and_Improper_Error_Handling

Environments Affected
All web application frameworks are vulnerable to information leakage and improper error handling.

Vulnerability
Applications frequently generate error messages and display them to users. Many times these error messages are quite useful to attackers, as they reveal implementation details or information that is useful in exploiting a vulnerability. There are several common examples of this:
- Detailed error handling, where inducing an error displays too much information, such as stack traces, failed SQL statements, or other debugging information
- Functions that produce different results based upon different inputs. For example, supplying the same username but different passwords to a login function should produce the same text for no such user, and bad password. However, many systems produce different error codes.

Verifying Security
The goal is to verify that the application does not leak information via error messages or other means.
Automated approaches: Vulnerability scanning tools will usually cause error messages to be generated. Static analysis tools can search for the use of APIs that leak information, but will not be able to verify the meaning of those messages.
Manual approaches: A code review can search for improper error handling and other patterns that leak information, but it is time-consuming. Testing will also generate error messages, but knowing what error paths were covered is a challenge.

Protection
Developers should use tools like OWASP's WebScarab to try to make their application generate errors. Applications that have not been tested in this way will almost certainly generate unexpected error output. Applications should also include a standard exception handling architecture to prevent unwanted information from leaking to attackers. Preventing information leakage requires discipline. The following practices have proven effective: En
http://www.upenn.edu/computing/security/swat/SWAT_Top_Ten_A7.php

Top 10 Web Application Security Vulnerabilities Based on OWASP Research
A7: Improper Error Handling
A7.1 Description
Improper handling of errors can introduce a variety of security problems for a web site. The most common problem is when detailed internal error messages such as stack traces, database dumps, and error codes are displayed to the user (hacker). These messages reveal implementation details that should never be revealed. Such details can provide hackers important clues on potential flaws in the site and such messages are also disturbing to normal users. Web applications frequently generate error conditions during normal operation. Out of memory, null pointer exceptions, system call failure, database unavailable, network timeout, and hundreds of other common conditions can cause errors to be generated. These errors must be handled according to a well thought out scheme that will provide a meaningful error message to the user, diagnostic information to the site maintainers, and no useful information to an attacker. For example, if a hacker enters an inv

https://cwe.mitre.org/data/definitions/388.html
CWE-388: Error Handling
Category ID: 388 (Category)
Status: Draft

Description
Description Summary
This category includes weaknesses that occur when an application does not properly handle errors that occur during processing.

Extended Description
An attacker may discover this type of error, as forcing these errors can occur with a variety of corrupt input.

Common Consequences
Scope: Integrity, Confidentiality
Technical Impact: Read application data; Modify files or directories
Generally, the consequences of improper error handling are the disclosure of the internal workings of the application to the attacker, providing details to use in further attacks. Web applications that do not properly handle error conditions frequently generate error messages such as stack traces, detailed diagnostics, and other inner details of the application.

Demonstrative Examples
Example 1
In the snippet below, an unchecked runtime exception thrown from within the try block may cause the container to display its default error page (which may contain a full stack trace, among other things).

(Bad Code) Example Language: Java

    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        try {
            ...
        } catch (ApplicationSpecificException ase) {
            // Only the application-specific exception is handled here; an
            // unchecked runtime exception propagates to the container.
            logger.error("Caught: " + ase.toString());
        }
    }

Potential Mitigations
Use a standard exception handling mechanism to be sure that your application properly handles all types of processing errors. All error messages sent to the user should contain as little detail as necessary to explain what happened. If the error was caused by unexpected and likely malicious input, it may be appropriate to send the user no error message other than a simple "could not process the request" response. The details of the error and its cause shoul
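
The following sketch is an added example, not code from OWASP, CWE, or any of the sites quoted above. It combines three points made on this page: a security check that fails closed, one identical response for "file not found" and "access denied", and a top-level handler that logs full details while returning only a generic message. The names ACL, FILES, is_authorized, read_file and handle, and the sample data, are constructed for illustration.

```python
import logging
import uuid

log = logging.getLogger("app.errors")

GENERIC_ERROR = "Could not process the request."
NOT_AVAILABLE = "The requested resource is not available."

# Constructed sample data: file name -> users allowed to read it.
ACL = {"report.txt": {"alice"}, "payroll.csv": {"bob"}}
FILES = {"report.txt": "Q3 summary", "payroll.csv": "salaries"}


def is_authorized(user, name, acl=ACL):
    """Fail closed: deny unless access is explicitly granted.

    Any error raised while evaluating the check is logged and treated
    as a denial, never as a grant.
    """
    try:
        return user in acl.get(name, set())
    except Exception:
        log.exception("authorization check failed for %r", name)
        return False


def read_file(user, name):
    """Return (status, body); missing and forbidden files look identical."""
    if not is_authorized(user, name) or name not in FILES:
        return 404, NOT_AVAILABLE
    return 200, FILES[name]


def handle(user, name, reader=read_file):
    """Top-level error boundary for a request.

    Full diagnostics go to the log for the maintainers. The caller gets a
    generic message plus a reference ID that can be matched to the log.
    """
    try:
        return reader(user, name)
    except Exception:
        incident = uuid.uuid4().hex[:12]
        log.exception("incident %s: unhandled error serving %r to %r",
                      incident, name, user)
        return 500, f"{GENERIC_ERROR} (reference {incident})"
```

Catching every exception at the outermost boundary is what the CWE snippet above lacks: its handler covers only ApplicationSpecificException, so anything else reaches the container's default error page.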