logo

CWE-349 - Acceptance of Extraneous Untrusted Data With Trusted Data

CWE-349

  • Abstraction:
  • Base
  • Structure:
  • Simple
  • Status:
  • Draft
Weakness Name

Acceptance of Extraneous Untrusted Data With Trusted Data

Description

The product, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.

Common Consequences

Scope: Access Control, Integrity

Impact: Bypass Protection Mechanism, Modify Application Data

Notes: An attacker could package untrusted data with trusted data to bypass protection mechanisms to gain access to and possibly modify sensitive data.

Related Weaknesses
  • Release Date:
  • 2006-07-19
  • Latest Modification Date:
  • 2023-06-29

Free security scan for your website