VID 210150
Severity 40
Port 80, ...
Protocol TCP
Class CGI
Detailed Description Also known as Offline Storage or Web Storage. The underlying storage mechanism may vary from one user agent to the next. In other words, any authentication your application requires can be bypassed by a user with local privileges on the machine where the data is stored. Therefore, it is recommended not to store any sensitive information in local storage.
Use the sessionStorage object instead of localStorage if persistent storage is not needed. The sessionStorage object is available only to the window/tab that created it, until that window is closed.
A single Cross-Site Scripting flaw can be used to steal all the data in these objects, so again it is recommended not to store sensitive information in local storage.
A single Cross-Site Scripting flaw can also be used to load malicious data into these objects, so do not treat the data in them as trusted.

Do not store session identifiers in local storage, as the data is always accessible to JavaScript. Cookies can mitigate this risk using the httpOnly flag.
There is no way to restrict the visibility of an object to a specific path, as the path attribute of HTTP cookies does: every object is shared within an origin and protected only by the Same Origin Policy.

* References:
https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet

* Platforms Affected:
Any HTTP server Any version
Any operating system Any version
Recommendation Pay extra attention to "localStorage.getItem" and "setItem" calls implemented in HTML5 pages. This helps in detecting when developers build solutions that put sensitive information in local storage.
Avoid hosting multiple applications on the same origin, since all of them would share the same localStorage object; use different subdomains instead.
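The recommendation above suggests reviewing localStorage.getItem and setItem calls. The following is an added example (not part of this entry or the referenced OWASP page) of a small static audit that scans page script for such calls and flags keys whose names suggest session identifiers or other sensitive data; the key-name pattern and the sample source are constructed for the example.

```javascript
// Key names that hint at sensitive data (constructed pattern; extend per application).
const SENSITIVE_KEY = /(session|sess_?id|token|jwt|auth|password|passwd|secret|api_?key|credit|ssn)/i;

// Matches localStorage.setItem("key", ...) / localStorage.getItem('key') and the
// window.localStorage.* form, when the key is a string literal. sessionStorage is
// deliberately not matched: it is the recommended alternative for non-persistent data.
const STORAGE_CALL = /(?:window\.)?localStorage\s*\.\s*(setItem|getItem)\s*\(\s*(['"`])([^'"`]*)\2/g;

// Returns one finding per localStorage call, with a severity and remediation hint.
function auditLocalStorage(source) {
  const findings = [];
  source.split('\n').forEach((line, idx) => {
    STORAGE_CALL.lastIndex = 0; // reset the global regex for each line
    let m;
    while ((m = STORAGE_CALL.exec(line)) !== null) {
      const [, method, , key] = m;
      const sensitive = SENSITIVE_KEY.test(key);
      findings.push({
        line: idx + 1,
        method,
        key,
        severity: sensitive ? 'high' : 'info',
        advice: sensitive
          ? 'Sensitive value in localStorage: readable by any script on the origin and persisted on disk. Use an httpOnly cookie for session ids, or sessionStorage if persistence is not required.'
          : 'localStorage is shared by every application on this origin and can be tampered with via XSS; validate the value before use.',
      });
    }
  });
  return findings;
}

// Constructed sample page script to audit.
const SAMPLE_SOURCE = `
const token = await login(user, pass);
localStorage.setItem("authToken", token);         // persisted, JS-readable credential
window.localStorage.setItem('theme', 'dark');     // harmless preference
const t = localStorage.getItem("authToken");
sessionStorage.setItem("draft", formText);        // not flagged: sessionStorage
`;

for (const f of auditLocalStorage(SAMPLE_SOURCE)) {
  console.log(`line ${f.line} [${f.severity}] localStorage.${f.method}("${f.key}") - ${f.advice}`);
}
```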