CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')


An upstream component gives the software a message or directives. The weakness exists due to the software disability to save the premordial request and transmit it to the external actor that is not controlled by it. Because of this failure the software acts as a proxy or other inermediary between the upstream component and external actor.
If the attacker wants to get straight connection with the target, he can just send a request to the software and it will be perceived as the software request that will allow malicious users to bypass security mechanisms.
As proxy usually serves as legitimate goal, the vulnerability can take place if:
1. The software works on different privileges or its levels of access differentiate from the upstream component;
2. The attacker makes request not directly to the target;
3. The attacker's requests point to unexpected hostname, port number or service or allowed pages but with disallowed directives, commands, or resources.
The weakness is introduced during Architecture and Design stage.

Latest vulnerabilities for CWE-441


Description of CWE-441 on Mitre website