Laravel Sanctum CSRF Security Misconfiguration Scanner
This scanner detects a Laravel Sanctum security misconfiguration in digital assets. When the SANCTUM_STATEFUL_DOMAINS setting is too permissive, arbitrary external origins can make credentialed cross-origin requests to the application, which turns the setting into a CSRF weakness. Correct configuration mitigates unauthorized access and potential data breaches.
Short Info
Level
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
22 days 13 hours
Scan only one
Domain, Subdomain, IPv4
Laravel Sanctum is widely used to secure single-page applications and APIs. It offers two modes: API tokens, and cookie-based session authentication for first-party SPAs, where the browser's existing Laravel session is accepted only for requests that arrive from a domain listed in SANCTUM_STATEFUL_DOMAINS. Under a standard configuration, only those first-party origins are treated as stateful, so the session cookie cannot be used from anywhere else.
The security misconfiguration occurs when SANCTUM_STATEFUL_DOMAINS contains a wildcard or other overly permissive entries, so that requests from any origin are treated as stateful. Combined with CORS headers that echo arbitrary origins and allow credentials (in Laravel these come from config/cors.php, through allowed_origins and supports_credentials), this lets a page on an external origin issue credentialed cross-origin requests. An unauthenticated remote attacker can then use a malicious page to perform authenticated actions on behalf of logged-in users who visit it.
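The following is an added example, not code from this page or from the Sanctum project. It reimplements in Python the stateful-domain matching that Sanctum's EnsureFrontendRequestsAreStateful middleware performs (strip the scheme from the Referer or Origin, append a trailing slash, append "/*" to each configured entry, then match with Laravel's Str::is wildcard semantics), and uses it to show why a weak SANCTUM_STATEFUL_DOMAINS value accepts a foreign origin while a corrected one does not. The .env lines and the attacker origin are constructed for the demonstration; the matching logic is my reading of the middleware and should be checked against the Sanctum version you run.

```python
import re

# Constructed .env values: the weak setting this scanner flags, and a corrected one.
WEAK_ENV = 'SANCTUM_STATEFUL_DOMAINS="*"'
FIXED_ENV = 'SANCTUM_STATEFUL_DOMAINS="app.example.com,localhost:3000"'

# Constructed foreign origin used to probe the configuration.
ATTACKER_ORIGIN = "https://attacker.example"


def stateful_from_env(line):
    """Turn a SANCTUM_STATEFUL_DOMAINS=... line into the list Sanctum builds with explode(',')."""
    _, _, value = line.partition("=")
    return value.strip().strip('"').split(",")


def laravel_str_is(pattern, value):
    """Python equivalent of Laravel's Str::is(): exact match, or '*' matching any run
    of characters, anchored at both ends."""
    if pattern == value:
        return True
    regex = "^" + re.escape(pattern).replace(r"\*", ".*") + r"\Z"
    return re.match(regex, value) is not None


def is_stateful_request(referer_or_origin, stateful):
    """Mirror of Sanctum's fromFrontend() check (assumption: current Sanctum behaviour).

    referer_or_origin: the Referer header if present, otherwise the Origin header.
    stateful:          the configured SANCTUM_STATEFUL_DOMAINS entries.
    """
    domain = referer_or_origin
    domain = domain.replace("https://", "", 1)
    domain = domain.replace("http://", "", 1)
    if not domain.endswith("/"):
        domain += "/"
    # Sanctum drops empty entries, trims each one and appends "/*" before matching.
    patterns = [entry.strip() + "/*" for entry in stateful if entry]
    return any(laravel_str_is(pattern, domain) for pattern in patterns)


def permissive_entries(stateful, probe_origin=ATTACKER_ORIGIN):
    """Entries that, on their own, make a request from probe_origin stateful.
    Any hit means the session cookie is accepted from an origin you do not control."""
    return [e for e in stateful if e and is_stateful_request(probe_origin, [e])]


if __name__ == "__main__":
    for line in (WEAK_ENV, FIXED_ENV):
        entries = stateful_from_env(line)
        hits = permissive_entries(entries)
        print(line, "->", hits if hits else "no entry accepts the foreign origin")
```

Note that a subdomain wildcard such as "*.example.com" is also matched by any host ending in ".example.com", so it should only be used when every such subdomain is trusted; the bare "*" accepts every origin and is the case the scanner reports.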
The endpoint involved is /sanctum/csrf-cookie, which hands out the XSRF-TOKEN cookie that the SPA later sends back as the X-XSRF-TOKEN header. The misconfiguration shows itself when that endpoint responds to an untrusted requesting origin with the cookie and with CORS headers that echo the origin and allow credentials. This usually results from default or overlooked settings: SANCTUM_STATEFUL_DOMAINS left permissive, the session domain set too broadly, and CORS configured without restricting allowed origins. Together these let uncontrolled domains interact with Sanctum-protected APIs.
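As an added example (not the scanner's own code or Sanctum's), the check below evaluates a response to GET /sanctum/csrf-cookie sent with a foreign Origin header, the way a scanner for this issue would. The two raw responses are constructed samples; the origin "https://attacker.example" is an assumption. The check treats an exact echo of the foreign origin in Access-Control-Allow-Origin together with Access-Control-Allow-Credentials: true and a Set-Cookie for XSRF-TOKEN as the finding, and deliberately does not count a literal "*" origin as exploitable, because browsers reject credentialed responses that carry a wildcard origin. A live probe using urllib is included but is not exercised offline.

```python
from urllib.request import Request, urlopen

# Constructed foreign origin for the probe.
ORIGIN = "https://attacker.example"

# Constructed sample: what a misconfigured application returns for
# GET /sanctum/csrf-cookie with "Origin: https://attacker.example".
SAMPLE_MISCONFIGURED = """\
HTTP/1.1 204 No Content
Access-Control-Allow-Origin: https://attacker.example
Access-Control-Allow-Credentials: true
Vary: Origin
Set-Cookie: XSRF-TOKEN=constructed-token-value; path=/; samesite=lax
Set-Cookie: laravel_session=constructed-session-value; path=/; httponly; samesite=lax
"""

# Constructed sample: the same request against a correctly configured application.
# The cookie is still issued, but no CORS headers permit the foreign origin.
SAMPLE_HARDENED = """\
HTTP/1.1 204 No Content
Vary: Origin
Set-Cookie: XSRF-TOKEN=constructed-token-value; path=/; samesite=lax
"""

# Constructed sample: wildcard origin with credentials, which browsers refuse.
SAMPLE_WILDCARD = """\
HTTP/1.1 204 No Content
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Set-Cookie: XSRF-TOKEN=constructed-token-value; path=/; samesite=lax
"""


def parse_raw_response(raw):
    """Split a raw HTTP/1.1 response head into (status_code, [(name, value), ...]).
    Headers stay a list because Set-Cookie legitimately repeats."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        if not line.strip():
            break
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers


def header_values(headers, name):
    return [v for n, v in headers if n == name.lower()]


def check_csrf_cookie_response(origin, headers):
    """Decide whether the csrf-cookie response lets a page on `origin` make
    credentialed requests and obtain the XSRF-TOKEN cookie."""
    acao = header_values(headers, "Access-Control-Allow-Origin")
    acac = header_values(headers, "Access-Control-Allow-Credentials")
    cookies = header_values(headers, "Set-Cookie")
    echoes_origin = origin in acao
    wildcard_origin = "*" in acao
    allows_credentials = any(v.lower() == "true" for v in acac)
    sets_xsrf_cookie = any(c.startswith("XSRF-TOKEN=") for c in cookies)
    return {
        "echoes_origin": echoes_origin,
        "wildcard_origin": wildcard_origin,
        "allows_credentials": allows_credentials,
        "sets_xsrf_cookie": sets_xsrf_cookie,
        # A wildcard origin with credentials is a misconfiguration but is not
        # reachable from a browser, so only the exact echo counts as the finding.
        "vulnerable": echoes_origin and allows_credentials and sets_xsrf_cookie,
    }


def probe(base_url, origin=ORIGIN, timeout=10):
    """Live form of the check (not run offline): request /sanctum/csrf-cookie with a
    foreign Origin and Referer and evaluate the response headers."""
    url = base_url.rstrip("/") + "/sanctum/csrf-cookie"
    req = Request(url, headers={"Origin": origin, "Referer": origin + "/"})
    with urlopen(req, timeout=timeout) as resp:
        headers = [(k.lower(), v) for k, v in resp.getheaders()]
    return check_csrf_cookie_response(origin, headers)


if __name__ == "__main__":
    for label, raw in (("misconfigured", SAMPLE_MISCONFIGURED),
                       ("hardened", SAMPLE_HARDENED),
                       ("wildcard", SAMPLE_WILDCARD)):
        _, headers = parse_raw_response(raw)
        print(label, check_csrf_cookie_response(ORIGIN, headers))
```

When a live probe reports the finding, confirm it against both configuration sources: SANCTUM_STATEFUL_DOMAINS in .env (or the stateful array in config/sanctum.php) and allowed_origins plus supports_credentials in config/cors.php, since either one can be the root cause.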
Exploitation can cause significant damage: unauthorized access to sensitive user data, and actions taken in the victim's session such as changing account settings or initiating financial transactions. The misconfigured application becomes a target for Cross-Site Request Forgery (CSRF) against users who visit a page the attacker crafted for it. Users and businesses can face severe consequences, including data theft and unauthorized operations.