CWE-349 - Acceptance of Extraneous Untrusted Data With Trusted Data

CWE-349

Abstraction:
Base

Structure:
Simple

Status:
Draft

Weakness Name: Acceptance of Extraneous Untrusted Data With Trusted Data

Description: The product, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.

Common Consequences: Scope: Access Control, Integrity
Impact: Bypass Protection Mechanism, Modify Application Data
Notes: An attacker could package untrusted data with trusted data to bypass protection mechanisms to gain access to and possibly modify sensitive data.

Related Weaknesses: CWE-345Insufficient Verification of Data Authenticity

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard