Client Side Vulnerabilities / Browser Storage
Description
Browser Storage is a type of Client Side Vulnerability (CWE-79) that permits unvalidated data to be stored in the browser. This vulnerability is most commonly found in web and API applications, where a malicious attacker can exploit it to extract sensitive user data such as passwords, session tokens, and personal information. According to the OWASP Testing Guide, the most common form of browser storage is cookies, which can be used to store user credentials and other data. HTML5 Web Storage and IndexedDB are also vulnerable to this type of attack.
Risk
The Browser Storage vulnerability carries a high risk because an attacker can exploit it to gain access to sensitive user data. An attacker can also use this vulnerability to track a user's activity, or to launch further attacks, such as phishing.
Solution
The best way to mitigate the risk of Browser Storage Vulnerability is to ensure that all data stored on the browser is validated and encrypted. Additionally, it is important to ensure that all sensitive user data is stored securely, and not exposed to the client side.
Example
The following example shows how a malicious attacker could exploit the Browser Storage Vulnerability to obtain a user's session token.
<script>
  var user_token = window.localStorage.getItem('user_token');
  if (user_token) {
    // send user_token to attacker's server
  }
</script>
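The Solution and Example sections concern values such as user_token that sit in Web Storage, where any script running on the page can read them. The following audit is an added example, not part of the original page: it lists storage entries that look like credentials so they can be moved out of client-side storage. The function names, patterns, thresholds and sample data are assumptions constructed for illustration.

```javascript
// Added example: audit a Web Storage object for values that should not be
// readable by page scripts. Rule names and thresholds are assumptions.
const SENSITIVE_KEY = /(token|session|passw(or)?d|secret|auth|api[_-]?key)/i;
const JWT_SHAPE = /^eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*$/;
const OPAQUE_SECRET = /^[A-Za-z0-9+\/_=-]{32,}$/; // long random-looking string

// `storage` is anything with the Storage interface: length, key(i), getItem(k).
function auditStorage(storage, label) {
  const findings = [];
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    const value = String(storage.getItem(key) ?? "");
    const reasons = [];
    if (SENSITIVE_KEY.test(key)) reasons.push("sensitive key name");
    if (JWT_SHAPE.test(value)) reasons.push("JWT-shaped value");
    else if (OPAQUE_SECRET.test(value)) reasons.push("long opaque value");
    // Report the key and length only; never echo the secret into logs.
    if (reasons.length) findings.push({ store: label, key, length: value.length, reasons });
  }
  return findings;
}

// Minimal in-memory stand-in so the audit also runs outside a browser.
function fakeStorage(entries) {
  const keys = Object.keys(entries);
  return { length: keys.length, key: (i) => keys[i], getItem: (k) => entries[k] ?? null };
}

// Constructed sample data, not taken from any real application.
const sample = fakeStorage({
  user_token: "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIn0.c2lnbmF0dXJlLXBsYWNlaG9sZGVy",
  theme: "dark",
  cache_id: "9f8e7d6c5b4a39281706f5e4d3c2b1a09f8e7d6c",
  password: "hunter2",
});

const report = auditStorage(sample, "localStorage");
console.log(JSON.stringify(report, null, 2));
// In a browser console: auditStorage(window.localStorage, "localStorage")
```

The same function accepts window.sessionStorage. Entries it reports are candidates for server-side storage rather than proof of a flaw, since the patterns are heuristics.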