Authentication / Silverlight Cross-Domain Policy
Silverlight cross-domain policy is an authentication weakness in web and API applications that serve a Silverlight (Microsoft's Rich Internet Application platform) client, classified under CWE-287 (Improper Authentication). The Silverlight runtime only lets a Silverlight application call a host other than the one it was loaded from if that host publishes a policy file at its root, clientaccesspolicy.xml (or, as a fallback, a Flash-style crossdomain.xml that grants access to all domains), that permits the calling origin. The vulnerability is an overly permissive policy, for example <domain uri="*"/> combined with <resource path="/" include-subpaths="true"/>: any site a victim visits can then host a Silverlight application that sends requests to the target with the victim's browser cookies and reads the responses, bypassing the origin isolation the application relies on for authentication. The result is exploitation of authenticated functionality and data leakage. Reference: OWASP Testing Guide v4, OTG-CONFIG-008 (Test RIA cross domain policy)
The risk of this vulnerability is considered high. Because the attacker's Silverlight code acts with the victim's session, it can both read responses (data disclosure) and issue state-changing requests (a cross-site request forgery against which anti-CSRF tokens offer little protection, since the attacker can read a token from an earlier response). In the worst case this is a complete takeover of the victim's account in the application.
To mitigate the risk, restrict the policy file itself rather than rely on any runtime feature. In clientaccesspolicy.xml, list in <domain uri="..."/> only the specific origins that legitimately need access (no "*", no scheme-only wildcards such as "https://*"), limit <grant-to> to the paths that must be reachable cross-domain instead of path="/" with include-subpaths="true", and do not set http-request-headers="*". Remove any crossdomain.xml that grants all domains access unless it is needed, because Silverlight honors such a file when clientaccesspolicy.xml is absent. If no cross-domain access is needed, serve neither file. Note also that Silverlight has been out of support since October 2021, so the durable fix is to migrate the client off it.
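The following Python script is an added example, not code from the original page: it audits the two policy files described above, with a constructed permissive clientaccesspolicy.xml beside a constructed hardened counterpart and a constructed all-domains crossdomain.xml. The policy bodies, origins and paths are made up for illustration, and the function names are the author's own assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed example of a permissive clientaccesspolicy.xml (not from any real site).
WEAK_POLICY = """<?xml version="1.0" encoding="utf-8"?>
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from http-request-headers="*">
        <domain uri="*"/>
      </allow-from>
      <grant-to>
        <resource path="/" include-subpaths="true"/>
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>"""

# Constructed hardened counterpart: one named HTTPS origin, one public path, named headers only.
HARDENED_POLICY = """<?xml version="1.0" encoding="utf-8"?>
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from http-request-headers="Content-Type">
        <domain uri="https://partner.example.org"/>
      </allow-from>
      <grant-to>
        <resource path="/api/public/" include-subpaths="true"/>
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>"""

# Constructed Flash-style crossdomain.xml; Silverlight falls back to this format only
# when it grants every domain access, which is exactly the dangerous form.
WEAK_CROSSDOMAIN = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*"/>
</cross-domain-policy>"""


def audit_clientaccesspolicy(xml_text):
    """Return (severity, message) findings for the body of a clientaccesspolicy.xml."""
    findings = []
    root = ET.fromstring(xml_text.encode("utf-8"))
    for policy in root.iter("policy"):
        allow = policy.find("allow-from")
        grant = policy.find("grant-to")
        domains = [d.get("uri", "") for d in allow.iter("domain")] if allow is not None else []
        headers = allow.get("http-request-headers", "") if allow is not None else ""
        paths = ([(r.get("path", ""), r.get("include-subpaths", "false").lower() == "true")
                  for r in grant.iter("resource")] if grant is not None else [])

        for uri in domains:
            # "*", "http://*" and "https://*" all admit any origin on the web.
            if uri == "*" or uri.rstrip("/") in ("http://*", "https://*"):
                findings.append(("high", "allow-from domain %r admits any origin" % uri))
            elif "*" in uri:
                findings.append(("medium", "allow-from domain %r is a subdomain wildcard" % uri))
            elif uri.startswith("http://"):
                findings.append(("low", "allow-from domain %r is a plaintext origin" % uri))
        if headers.strip() == "*":
            findings.append(("medium", 'http-request-headers="*" lets callers set arbitrary headers'))
        for path, subpaths in paths:
            # path="/" with include-subpaths="true" exposes every URL on the site.
            if path.rstrip("/") == "" and subpaths:
                findings.append(("high", 'grant-to resource exposes the whole site (path "/" with subpaths)'))
    return findings


def audit_crossdomain(xml_text):
    """Flag a crossdomain.xml that grants every domain access (the only form Silverlight uses)."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    return [("high", 'crossdomain.xml allow-access-from domain="*" admits any origin')
            for node in root.iter("allow-access-from") if node.get("domain") == "*"]


def is_permissive(xml_text):
    """True when the policy has at least one high-severity finding."""
    return any(sev == "high" for sev, _ in audit_clientaccesspolicy(xml_text))


if __name__ == "__main__":
    for name, body in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, audit_clientaccesspolicy(body))
    print("crossdomain", audit_crossdomain(WEAK_CROSSDOMAIN))
```

On an engagement, fetch /clientaccesspolicy.xml and /crossdomain.xml from the site root (the runtime only looks there) and pass each body to the matching function; an empty result for the hardened policy and high findings for the weak one are the expected outcomes.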
The following illustrative snippet sketches the attacker side: a script on a domain the attacker controls issues a POST to the target's protected endpoint. In the real attack the request is made from attacker-hosted Silverlight code (WebClient or HttpWebRequest), because that is what the cross-domain policy file governs; a plain browser XMLHttpRequest like this one is instead subject to the browser's own same-origin policy and CORS. With a permissive policy the Silverlight runtime sends the request with the victim's cookies and lets the attacker's code read the response:
<script>
  // Attacker-controlled page: send a request to the victim's authenticated endpoint.
  var http = new XMLHttpRequest();
  http.open('POST', 'http://victim.example.com/protected-data', true);
  http.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
  // With a permissive cross-domain policy the equivalent Silverlight request goes out
  // with the victim's session cookies, and the response is readable by the attacker.
  http.send('data=maliciousData');
</script>