Input Validation / Insecure Hostname Validation Check
Description
An insecure hostname validation check (CWE-295, Improper Certificate Validation) is an input validation weakness that occurs when an application or system does not properly validate the hostname associated with a request. It is common in mobile applications (iOS and Android) and can lead to man-in-the-middle attacks. According to the OWASP Testing Guide, an attacker can exploit it by manipulating the hostname of a request sent to the application or system, which can allow them to bypass authentication, modify requests, and access sensitive information.
Risk
An insecure hostname validation check is a critical vulnerability: it enables a range of attacks that let an attacker access sensitive information, modify requests, and bypass authentication. If exploited, it can lead to large-scale data breaches, financial losses, and reputational damage.
Solution
To mitigate the risk of an insecure hostname validation check, applications and systems should always perform stringent validation of the hostname of incoming requests. This can be done by implementing a whitelist of valid hostnames that are allowed to access the application or system. Applications and systems should also reject any unexpected characters or any request whose hostname is not on the whitelist.
Example
Below is the relevant code from CVE-2020-14107, an insecure hostname validation check vulnerability affecting the libcurl library.
/* libcurl: when hostname verification is disabled for both the direct TLS
   connection and the TLS proxy, the certificate name check is skipped entirely. */
if(!data->set.ssl.verifyhost && !data->set.proxy_ssl.verifyhost)
  goto end;
In this example, when hostname verification is disabled for both the direct and the proxy TLS settings, the code jumps past the check and performs no hostname validation at all. This can allow attackers to manipulate the hostname of requests and gain access to sensitive information.
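As an added example (not libcurl's own code), the following C function shows what the hostname check should do when it is not skipped: it matches the name the client intended to reach against a certificate DNS name using the RFC 6125 wildcard rules, and a wrapper accepts the certificate only when one of its subjectAltName entries matches, with no bypass path. The names and the `san` list are constructed sample values.

```c
#include <stdbool.h>
#include <ctype.h>
#include <string.h>

/* Case-insensitive comparison of two DNS labels or suffixes of given lengths. */
static bool label_eq(const char *a, size_t alen, const char *b, size_t blen) {
    if (alen != blen) return false;
    for (size_t i = 0; i < alen; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i])) return false;
    return true;
}

/* Returns true if `host` (the name the client intended to reach) matches
 * `pattern` (a DNS name taken from the certificate's subjectAltName).
 * Rules follow RFC 6125 section 6.4.3: a wildcard is accepted only as the whole
 * leftmost label, it matches exactly one label, and the suffix after it must
 * contain at least two labels so "*.com" cannot match every host (a public
 * suffix list would be needed for cases like "*.co.uk"; out of scope here). */
bool hostname_matches(const char *pattern, const char *host) {
    if (!pattern || !host || !*pattern || !*host) return false;
    size_t hlen = strlen(host);
    if (host[hlen - 1] == '.') hlen--;          /* tolerate absolute form "example.com." */
    if (hlen == 0) return false;
    const char *star = strchr(pattern, '*');
    if (!star)                                  /* plain name: exact, case-insensitive */
        return label_eq(pattern, strlen(pattern), host, hlen);
    /* Wildcard must be the entire leftmost label; "f*.example.com",
       "*.*.example.com" and "www.*.com" are rejected. */
    if (star != pattern || pattern[1] != '.' || strchr(pattern + 1, '*')) return false;
    const char *suffix = pattern + 1;           /* ".example.com" */
    const char *second = strchr(suffix + 1, '.');
    if (!second || second[1] == '\0') return false;
    /* The wildcard covers exactly one non-empty host label; compare the rest. */
    const char *hdot = memchr(host, '.', hlen);
    if (!hdot || hdot == host) return false;
    return label_eq(suffix, strlen(suffix), hdot, hlen - (size_t)(hdot - host));
}

/* Accept the certificate only if at least one of its DNS SANs matches the
 * intended host. There is deliberately no "verification disabled" path
 * equivalent to verifyhost == 0. */
bool peer_name_verified(const char *const *san, size_t n, const char *host) {
    for (size_t i = 0; i < n; i++)
        if (hostname_matches(san[i], host)) return true;
    return false;
}
```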