logo

CWE-807 - Reliance on Untrusted Inputs in a Security Decision

CWE-807 High

  • Abstraction:
  • Base
  • Structure:
  • Simple
  • Status:
  • Incomplete
Weakness Name

Reliance on Untrusted Inputs in a Security Decision

Description

The product uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.

Developers may assume that inputs such as cookies, environment variables, and hidden form fields cannot be modified. However, an attacker could change these inputs using customized clients or other attacks. This change might not be detected. When security decisions such as authentication and authorization are made based on the values of these inputs, attackers can bypass the security of the software. Without sufficient encryption, integrity checking, or other mechanism, any input that originates from an outsider cannot be trusted.

Common Consequences

Scope: Confidentiality, Access Control, Availability, Other

Impact: Bypass Protection Mechanism, Gain Privileges or Assume Identity, Varies by Context

Notes: Attackers can bypass the security decision to access whatever is being protected. The consequences will depend on the associated functionality, but they can range from granting additional privileges to untrusted users to bypassing important security checks. Ultimately, this weakness may lead to exposure or modification of sensitive data, system crash, or execution of arbitrary code.

Related Weaknesses
  • Release Date:
  • 2010-02-16
  • Latest Modification Date:
  • 2023-06-29

Free security scan for your website