Sensitive information sent via URL parameters - Java

Need

Protection of sensitive information during transmission

Context

  • Usage of Java 8 for developing applications with enhanced features and performance improvements.
  • Usage of javax.servlet-api for developing Java web applications with Servlets

Description

Non compliant code

    import java.io.IOException;
    import javax.servlet.ServletException;
    import javax.servlet.http.*;

    public class VulnerableServlet extends HttpServlet {
        // Handles GET, so both credentials arrive in the URL query string
        protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
            String username = request.getParameter("username");
            String password = request.getParameter("password");
            // Further processing of username and password
        }
    }

The above Java Servlet code is vulnerable to sensitive information exposure through URL parameters. In this code, the doGet method is used to retrieve the username and password parameters from the URL. These parameters are then processed further in the code.

The potential vulnerabilities in this code are:

1. Stored in clear text in the browser history: The username and password parameters are appended to the URL as plain text. This means that the sensitive information (username and password) is stored in the browser history in clear text.

2. Sent to external sites via the Referer HTTP header: When navigating from one site to another, the URL of the previous site (which includes the sensitive data in the URL parameters) can be sent in the Referer HTTP header.

3. Sent to external sites via the search bar if the browser interprets the URL as a query: If the user accidentally types the URL into a search engine, the URL (which includes the sensitive data) could be sent to the search engine.

4. Visible to scripts running on the browser that may belong to third-parties: JavaScript running on the page can access the URL and therefore the sensitive data contained in the URL parameters.

This vulnerability can lead to unauthorized access to user accounts if the sensitive information is intercepted or retrieved from the locations mentioned above.

Steps

  • Avoid sending sensitive information via URL parameters.
  • Use the POST method instead of the GET method to send sensitive information.
  • Encrypt sensitive information before sending it over the network.
  • Store sensitive information securely on the server-side.
  • Implement proper access controls and authentication mechanisms to protect sensitive information.
  • Use secure communication protocols (e.g., HTTPS) to transmit sensitive information.
  • Implement secure session management to prevent unauthorized access to sensitive information.
  • Regularly update and patch the server-side code to address any security vulnerabilities.

Compliant code

    import java.io.IOException;
    import javax.servlet.ServletException;
    import javax.servlet.http.*;

    public class SecureServlet extends HttpServlet {
        // Handles POST, so the credentials are sent in the request body
        protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
            String username = request.getParameter("username");
            String password = request.getParameter("password");
            // Further processing of username and password
        }
    }

The above code is a revised version of the original servlet that had a vulnerability of sending sensitive information via URL parameters. The changes made to the code are as follows:

- The HTTP method has been changed from GET to POST. This is because the GET method appends data to the URL, which is not secure for transmitting sensitive information such as usernames and passwords. On the other hand, the POST method sends data in the body of the HTTP request, which is not visible in the URL.

- The doGet method has been replaced with the doPost method. This is to ensure that the servlet now handles POST requests instead of GET requests.

Please note that this is just a basic fix. For a more secure application, consider the following:

- Encrypt sensitive information before sending it over the network.
- Store sensitive information securely on the server-side.
- Implement proper access controls and authentication mechanisms to protect sensitive information.
- Use secure communication protocols (e.g., HTTPS) to transmit sensitive information.
- Implement secure session management to prevent unauthorized access to sensitive information.
- Regularly update and patch the server-side code to address any security vulnerabilities.
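
In the Servlet API, getParameter returns values from the query string as well as from the form body, so a POST handler still accepts credentials that a client appends to the URL. The servlet below is an added example, not part of the original page, that rejects such requests and requires HTTPS; the class name, the parameter set and the error messages are assumptions.

```java
import java.io.IOException;
import java.net.URLDecoder;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.*;

// Added example: class name, parameter set and messages are assumptions.
// doGet is not overridden, so HttpServlet's default answers GET with 405.
public class StrictLoginServlet extends HttpServlet {
    private static final Set<String> SENSITIVE =
            new HashSet<>(Arrays.asList("username", "password"));

    // True if the raw query string names a sensitive parameter.
    static boolean queryCarriesSensitive(String rawQuery) throws IOException {
        if (rawQuery == null) {
            return false;
        }
        try {
            for (String pair : rawQuery.split("&")) {
                String name = pair.split("=", 2)[0];
                if (SENSITIVE.contains(URLDecoder.decode(name, "UTF-8"))) {
                    return true;
                }
            }
            return false;
        } catch (IllegalArgumentException malformed) {
            return true; // undecodable query: reject rather than guess
        }
    }

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Assumes TLS terminates at the servlet container, not at a proxy.
        if (!request.isSecure()) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "HTTPS required");
            return;
        }
        if (queryCarriesSensitive(request.getQueryString())) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Credentials in URL");
            return;
        }
        response.setHeader("Cache-Control", "no-store"); // keep the response out of caches
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        // Further processing of username and password
    }
}
```

Rejecting the request does not undo the exposure of a URL that was already sent; it keeps clients and links from relying on that form.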
