Skip to content

Confused Deputy

Prime #
730
Origin domain
Information Security
Subdomain
access control → Information Security
Aliases
Confused Deputy Problem, Csrf, Cross Site Request Forgery

Core Idea

A confused deputy is a privileged intermediary that acts on its own authority while the intent behind the action originated with an outsider who lacks that authority. The system tracks who acted but loses whose intent it executed: effective authority composes as the union of caller and intermediary rather than the safe intersection, so intent provenance is dropped.

How would you explain it like I'm…

The Tricked Guard

Imagine a hall monitor who is allowed to open every classroom. A kid who isn't allowed to open doors says, "Hey monitor, can you open that one for me?" and the monitor does it without asking why. The monitor wasn't bad; he just forgot it wasn't really his idea. The trick worked because everyone trusted the monitor, not the kid.

Whose Wish Was It?

A Confused Deputy is a trusted helper who has special permission to do something, and gets tricked into using that permission for someone who isn't allowed. The helper is exactly who they say they are, so no one doubts them, but they've lost track of whose idea they're actually carrying out. The outsider can't open the door themselves, so instead they ask the helper in a clever way that makes the helper open it. The real problem isn't "who did this" but "whose wish made them do it," and that part gets lost.

Borrowed Authority Failure

A Confused Deputy is a privileged go-between that performs an action on its own authority while the real intent behind the action came from an outsider who couldn't do it directly. The system always knows who the actor is — the go-between is correctly identified and its credentials are valid — but it loses track of whose wish is being executed. The outsider, blocked from the target, instead addresses the go-between in a way that makes it act, effectively borrowing its privileges. The defining failure is the loss of intent provenance: every action is logged as "the deputy did this" when the load-bearing question is "whose intent produced this." The fix is not to check the actor's identity more carefully but to carry the chain of who-actually-wanted-it forward through the call.

 

A Confused Deputy is a privileged intermediary that takes an action under its own authority while the intent behind it originated with an outsider who lacks the authority to act directly. The system reliably establishes who the actor is — the intermediary is correctly authenticated and its identity is not in dispute — but it loses track of whose wish the actor is executing. Unable to act on the target directly, the outsider addresses the intermediary in a way that induces it to act, and thereby borrows its privileges; the defining failure is the loss of intent provenance, since every action enters the record as "the intermediary did this" when the real question is whose intent produced it. The pattern carries four commitments: a triad of outsider, intermediary, and target; address-rather-than-execute, where the outsider can only induce rather than directly operate; authority elision at the boundary, where only the intermediary's authority is checked and the originator's intent is silently fused in; and a defence surface of intent-provenance rather than authentication. The sharpest framing is in terms of authority composition: an action routed through an intermediary should have effective authority equal to the intersection of caller and intermediary, permitted only if both were entitled. A confused-deputy system instead computes the union — the intermediary's ambient authority applied to an intent it did not generate, with the originator's lack of authority invisible. Any design granting an intermediary standing authority and then letting outsiders direct it without re-checking the originator inherits the flaw, in any medium.

Broad Use

  • Information security: server-side request forgery (a server fetches an outsider-supplied URL reaching internal resources); cross-site request forgery; signing-oracle attacks.
  • Financial fraud: a fraudster directs a trusted treasurer's system so the bank sees the treasurer's authority, not the fraudster's intent.
  • Agency law (apparent authority): an agent's act binds a principal when third parties reasonably believed it authorized, though the principal never intended it.
  • Clinical authority chains: a senior's signature converts a junior's instruction into an authoritative order, attributed to the senior's authority.
  • Voice assistants: a broadcast saying "order paper towels" makes a device act on the household's authority because it cannot separate intent from ambient audio.

Clarity

It dissolves the seductive defence "but the intermediary was properly authenticated" by shifting the question from who acted? to whose intent produced the act?, and predicts that privilege on a directable intermediary is a liability.

Manages Complexity

It collapses SSRF, CSRF, wire fraud, and apparent-authority disputes into one defect (union-not-intersection) with three fixes: capability-passing, caller-aware authorization, or out-of-band confirmation.

Abstract Reasoning

It trains a reasoner to ask of any intermediary whether its authority composes with the caller's by intersection (safe) or union (vulnerable), and where the originator's identity was dropped from the record.

Knowledge Transfer

  • Security → finance: the SSRF fix (re-attach intent provenance) is the wire-fraud fix (out-of-band confirmation of the originating request).
  • Computing → law: capability-passing reappears as agency law's scope-of-authority notices and ratification requirements.
  • General: the invariant transfers everywhere — accumulating privilege on a directable intermediary increases its vulnerability.

Example

An external user supplies a URL pointing at a cloud metadata endpoint; the public-facing server, trusted inside the network, fetches it on its own authority — so the empty intersection of the outsider's (none) and the server's (full) authority is silently computed as a union, and stronger authentication cannot help.

Relationships to Other Primes

One-hop neighborhood: parents above, mutual partners to the right, children below.Confused Deputysubsumption: Untrusted Input ExecutionUntrustedInput Execution

Parents (1) — more general patterns this builds on

Path to root: Confused DeputyUntrusted Input Execution

Not to Be Confused With

  • Confused Deputy is not Consent because consent is a party's authorization for an action affecting them whereas the intermediary's authority is valid and undisputed — the failure is mis-attributed intent, not missing consent.
  • Confused Deputy is not Trust because the vulnerability arises even with fully trustworthy parties — it is an authority-composition defect, not a trust relationship gone wrong.
  • Confused Deputy is not Authority Delegation Under Uncertainty because delegation is deliberately granting discretion whereas the deputy is authority borrowed without anyone granting it.