zero-width chars as a related CWE to CWE-1007 (Homoglyph attacks)


Kurt Seifried
https://medium.com/@umpox/be-careful-what-you-copy-invisibly-inserting-usernames-into-text-with-zero-width-characters-18b4e6f17b66

I think explicitly breaking this out makes sense; even giving someone cues that they are looking at homoglyphs (e.g. not being vulnerable to CWE-1007) can still result in invisible characters that, when copied/processed, will have an unexpected effect (much like XSS, CWE-79).


--
Kurt Seifried
[hidden email]
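Added example, not part of the original post or the linked article: one way to detect the invisible characters the message describes, by flagging every Unicode format (category Cf) code point in a string. The function names and sample strings are assumptions constructed for illustration; the example goes slightly beyond zero-width characters because Cf also covers bidi controls and the soft hyphen.

```python
import unicodedata

def find_invisible(text):
    """Return (index, code point, name) for every Unicode format (Cf) character.

    Category Cf covers the zero-width characters (U+200B, U+200C, U+200D,
    U+2060, U+FEFF) as well as bidi controls and the soft hyphen.
    """
    hits = []
    for i, ch in enumerate(text):
        if unicodedata.category(ch) == "Cf":
            hits.append((i, f"U+{ord(ch):04X}", unicodedata.name(ch, "<unnamed>")))
    return hits

def strip_invisible(text):
    """Drop every Cf character. Suitable for identifiers, lossy for prose:
    ZWJ/ZWNJ are meaningful in emoji sequences and several scripts."""
    return "".join(ch for ch in text if unicodedata.category(ch) != "Cf")

def check_identifier(value):
    """Policy for usernames and similar keys: reject instead of silently
    rewriting, so the caller sees that the input carried hidden characters."""
    hits = find_invisible(value)
    if hits:
        raise ValueError(f"invisible characters in identifier: {hits}")
    return value

# Constructed sample inputs (hypothetical, not taken from the post).
CLEAN = "admin"
TAINTED = "ad\u200bmin\u200d"          # renders the same as CLEAN
FAMILY = "\U0001F468\u200d\U0001F469"  # emoji sequence that needs its ZWJ

if __name__ == "__main__":
    print(TAINTED == CLEAN)                   # visually equal, not equal as strings
    print(find_invisible(TAINTED))
    print(strip_invisible(TAINTED) == CLEAN)
    print(find_invisible(FAMILY))             # a legitimate ZWJ is flagged too
```

Because a legitimate joiner is flagged as well, free-form text is better reported on than silently stripped; rejection fits identifiers, where no Cf character is expected.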