Prevent Users From Accepting Warning To Bypass CSRF Validation [Updated in Security Center 1.3 and 1.5]
Summary of Prevent Users From Accepting Warning To Bypass CSRF Validation [Updated in Security Center 1.3 and 1.5]
This feature enhances security in ServiceNow instances by enforcing strict validation of Cross-Site Request Forgery (CSRF) tokens. It prevents users from bypassing CSRF validation warnings, thereby blocking malicious POST requests that exploit mismatched or reused anti-CSRF tokens from other active user sessions.
Key Features
- Strict CSRF Token Validation: Controlled by the system property glide.security.csrf.strict.validation.mode, which should be set to true to enable strict enforcement.
- Prevention of Request Resubmission: When strict mode is enabled, the security interceptor page no longer shows a "Continue" button allowing users to resend requests with a valid token, thus preventing potential CSRF attacks.
- Protection Against Token Reuse: The system checks if the CSRF token has been previously used and blocks further write requests using the same token.
Key Outcomes
- Mitigates CSRF Attacks: By enforcing strict token validation, it stops attackers from leveraging leaked tokens from other active sessions to perform unauthorized operations.
- Maintains Instance Data Integrity: Prevents malicious requests that could compromise data or perform actions on behalf of users without their consent.
- Improves Security Posture: Adopting this property reduces the medium-rated security risk associated with CSRF vulnerabilities in ServiceNow.
Practical Guidance for ServiceNow Customers
To protect your instance from CSRF attacks, ensure that the glide.security.csrf.strict.validation.mode system property is set to true. This setting disables the option for users to bypass CSRF token mismatches by resubmitting requests, thereby enforcing strict validation and preventing unauthorized actions. This configuration helps maintain secure session integrity and protects users from social engineering exploits that rely on CSRF weaknesses.
Use the glide.security.csrf.strict.validation.mode property to enable strict validation of the anti-CSRF token. When the token does not match the current session, the request cannot be resubmitted.
This property prevents users from accepting a warning that would allow a potentially malicious request to be sent to the instance. The warning appears when a POST request fails because its anti-CSRF token is mismatched: the token belongs to one of the victim's other active sessions rather than the current one. If glide.security.csrf.strict.validation.mode is not set to the recommended value of true, an attacker can construct a CSRF attack using an anti-CSRF token leaked from a different active session belonging to the victim. A POST request to an instance carries an anti-CSRF token in the "sysparm_ck" parameter or the "X-UserToken" header, and that token must match the user's current session.
If the anti-CSRF token is instead tied to one of the user's other active sessions and this property is set to false, the POST request returns a 302 redirection to security_interceptor.do with a Continue button available to the user. Clicking this button resubmits the request to the instance, except that it now carries a valid anti-CSRF token. When this property is set to true, the 302 redirection to the security_interceptor.do page does not display a Continue button, and the user is not allowed to resubmit the request. A successful CSRF attack allows an attacker to effectively perform any operation that the victim is able to perform.
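The following is an added example, not ServiceNow code: a minimal model of the decision described above, so the two values of glide.security.csrf.strict.validation.mode can be compared side by side. Session ids, user names and token values are constructed for the example; `Instance`, `post` and `click_continue` are hypothetical names standing in for the platform's request handling and the interceptor page.

```python
from dataclasses import dataclass

INTERCEPTOR = "security_interceptor.do"

@dataclass
class Session:
    user: str
    token: str  # anti-CSRF token issued to this session

class Instance:
    def __init__(self, strict_validation_mode: bool):
        self.strict = strict_validation_mode  # glide.security.csrf.strict.validation.mode
        self.sessions: dict[str, Session] = {}  # session id -> Session

    def login(self, sid: str, user: str, token: str) -> None:
        self.sessions[sid] = Session(user, token)

    def post(self, sid: str, headers: dict, params: dict) -> tuple:
        """Validate a write request; the token arrives in X-UserToken or sysparm_ck."""
        session = self.sessions[sid]
        token = headers.get("X-UserToken") or params.get("sysparm_ck")
        if token == session.token:
            return 200, "write accepted"
        # Mismatch: is it the token of another active session of the same user?
        other = [s for s in self.sessions.values()
                 if s.user == session.user and s.token == token]
        if not other:
            return 403, "anti-CSRF token rejected"
        # Redirect to the interceptor. Only with strict mode off does the page
        # show a Continue button that resends the request with a valid token.
        return 302, {"location": INTERCEPTOR, "continue_button": not self.strict,
                     "blocked": {"sid": sid, "params": params}}

    def click_continue(self, blocked: dict) -> tuple:
        """Resubmit a blocked request, now carrying the session's own token."""
        if self.strict:
            return 403, "resubmission disabled by strict validation mode"
        params = dict(blocked["params"], sysparm_ck=self.sessions[blocked["sid"]].token)
        return self.post(blocked["sid"], {}, params)

def leaked_token_scenario(strict: bool) -> tuple:
    """Victim has two sessions; a request in sess-A carries sess-B's leaked token."""
    inst = Instance(strict)
    inst.login("sess-A", "alice", "tok-A")  # constructed sessions and tokens
    inst.login("sess-B", "alice", "tok-B")
    status, body = inst.post("sess-A", {}, {"sysparm_ck": "tok-B", "action": "update"})
    if status != 302 or not body["continue_button"]:
        return status, None  # no Continue button: the write never happens
    return status, inst.click_continue(body["blocked"])[0]
```

With the property modelled as false the scenario ends in an accepted write after Continue; with it true the request stops at the interceptor page.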
More information
| Attribute | Description |
|---|---|
| Property name | glide.security.csrf.strict.validation.mode |
| Configuration type | System Properties (/sys_properties_list.do) |
| Category | Access control |
| Purpose | Enforces strict validation of the anti-CSRF token and prevents its reuse. |
| Data type | boolean |
| Recommended value | true |
| Default value | true |
| Security risk rating | 3.7 |
| Functional impact | This remediation enables an extra validation step before the instance user submits a write request to the instance. It checks whether the current CSRF token has been used previously. If so, it prevents submission of further write requests. |
| Security risk | (Medium) Cross-Site Request Forgery is a significant security risk that violates the integrity of the instance data. An attacker can launch a CSRF attack on any instance user by abusing the trust of the instance user. With the help of social engineering, a user can be induced to submit a malformed request to the instance on behalf of the attacker. |