CWE-807 - Reliance on Untrusted Inputs in a Security Decision
- Abstraction:Base
- Structure:Simple
- Status:Incomplete
- Release Date:2010-02-16
- Latest Modification Date:2023-06-29
Weakness Name
Reliance on Untrusted Inputs in a Security Decision
Description
The product uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.
Developers may assume that inputs such as cookies, environment variables, and hidden form fields cannot be modified. However, an attacker could change these inputs using customized clients or other attacks. This change might not be detected. When security decisions such as authentication and authorization are made based on the values of these inputs, attackers can bypass the security of the software. Without sufficient encryption, integrity checking, or other mechanism, any input that originates from an outsider cannot be trusted.
Common Consequences
Scope: Confidentiality, Access Control, Availability, Other
Impact: Bypass Protection Mechanism, Gain Privileges or Assume Identity, Varies by Context
Notes: Attackers can bypass the security decision to access whatever is being protected. The consequences will depend on the associated functionality, but they can range from granting additional privileges to untrusted users to bypassing important security checks. Ultimately, this weakness may lead to exposure or modification of sensitive data, system crash, or execution of arbitrary code.
