CWE-924 - Improper Enforcement of Message Integrity During Transmission in a Communication Channel

CWE-924

Abstraction:
Base

Structure:
Simple

Status:
Incomplete

Weakness Name: Improper Enforcement of Message Integrity During Transmission in a Communication Channel

Description: The product establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission.
Attackers might be able to modify the message and spoof the endpoint by interfering with the data as it crosses the network or by redirecting the connection to a system under their control.

Common Consequences: Scope: Integrity, Confidentiality
Impact: Gain Privileges or Assume Identity
Notes: If an attackers can spoof the endpoint, the attacker gains all the privileges that were intended for the original endpoint.

Related Weaknesses: CWE-345Insufficient Verification of Data Authenticity

Release Date:
2013-07-17

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard