Websites often use web caching to improve the user experience and deliver better performance to users.
Web caching reduces the load on the web server by storing frequently requested content. Generally, only static and public files are cached, such as style sheets (css), scripts (js), text files (txt) and images (bmp, gif, png, etc.). User-specific data and private or sensitive information are not cached.
However, a misconfigured cache can be deceived into storing a local copy of a page containing sensitive data and serving it to other users. This kind of attack is known as Web Cache Deception.
The attacker appends a static-looking suffix to the path of a page containing sensitive data so that the caching server, treating the URL as a public asset, stores a cached copy of the page.
A deficient caching architecture can affect the application in unpredictable ways, and Web Cache Deception vulnerabilities can expose a website to other damaging attacks beyond data leaks. Operators should ensure that caching is configured correctly and that the application is not affected by it.