WebSocket allows a client and a server to establish a ‘full-duplex’ communication channel over TCP. That is, the client and the server can communicate asynchronously. WebSocket was introduced to enable real-time data transfer between servers and clients. This is achieved by letting the server send data to the client before the client requests it. WebSocket is supported by almost all major web browsers, such as Chrome and Firefox.

A WebSocket connection starts with an ‘upgrade’ request sent over HTTP. After the request, the socket uses frames to exchange data over the communication channel. Many servers do not validate the Origin header in the initial HTTP WebSocket handshake. This bug can lead to the server accepting connections from any origin and could also allow attackers to communicate with the WebSocket server cross-domain.
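The Origin check on the handshake described above can be sketched as follows. This is an added example, not code from the original page or from Beagle; the allowlist, hostnames and function names are constructed assumptions, and the policy of rejecting a missing Origin is a choice made for this sketch.

```javascript
// Added example: exact-match Origin allowlist for the WebSocket upgrade request.
// ALLOWED_ORIGINS and the hostnames in it are constructed placeholders.
const ALLOWED_ORIGINS = new Set(["https://app.example.com", "https://admin.example.com"]);

// Normalise an Origin header to scheme://host[:port]; return null if unusable.
function normaliseOrigin(value) {
  // Browsers send the literal string "null" for opaque origins (e.g. sandboxed frames).
  if (typeof value !== "string" || value === "" || value === "null") return null;
  let url;
  try {
    url = new URL(value);
  } catch {
    return null;
  }
  // A genuine Origin header carries no path, query, fragment or credentials.
  if (url.pathname !== "/" || url.search || url.hash || url.username || url.password) return null;
  if (url.protocol !== "https:" && url.protocol !== "http:") return null;
  return url.origin; // host lower-cased, default port dropped
}

// Decide whether to complete the handshake. `headers` uses lower-case keys,
// as Node's http module provides them.
function checkUpgrade(headers, allowed = ALLOWED_ORIGINS) {
  if ((headers["upgrade"] || "").toLowerCase() !== "websocket") {
    return { accept: false, status: 400, reason: "not a WebSocket upgrade" };
  }
  const origin = normaliseOrigin(headers["origin"]);
  if (origin === null) {
    // Assumption of this sketch: browser-only service, so a missing Origin is refused.
    return { accept: false, status: 403, reason: "missing or malformed Origin" };
  }
  // Exact comparison only: substring, prefix or suffix matching would let
  // lookalike hostnames through.
  if (!allowed.has(origin)) {
    return { accept: false, status: 403, reason: "origin not allowed: " + origin };
  }
  return { accept: true, status: 101, reason: "ok" };
}
```

The Origin header is only set reliably by browsers, so this check limits which web pages can open the socket; it does not replace authenticating the connection itself.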
Using this vulnerability, an attacker can:-
Beagle recommends the following fixes:-