CWE-348 - Use of Less Trusted Source

CWE-348

Abstraction:
Base

Structure:
Simple

Status:
Draft

Weakness Name: Use of Less Trusted Source

Description: The product has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resistant to attack.

Common Consequences: Scope: Access Control
Impact: Bypass Protection Mechanism, Gain Privileges or Assume Identity
Notes: An attacker could utilize the untrusted data source to bypass protection mechanisms and gain access to sensitive data.

Related Weaknesses: CWE-345Insufficient Verification of Data Authenticity

Release Date:
2006-07-19

Latest Modification Date:
2024-02-29

Free security scan for your website

Don't show website scan report rating on the leaderboard