Verify Message Integrity

A category in the Common Weakness Enumeration published by The MITRE Corporation.


Summary

Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.

Weaknesses in this category are related to the design and architecture of a system's data integrity components. Frequently these deal with ensuring integrity of data, such as messages, resource files, deployment files, and configuration files. The weaknesses in this category could lead to a degradation of data integrity quality if they are not addressed when designing or implementing a secure architecture.

Weaknesses

Detection of Error Condition Without Action

The software detects a specific error, but takes no actions to handle the error.

Download of Code Without Integrity Check

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

Improper Enforcement of Message Integrity During Transmission in a Communication Channel

The software establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was n...

Improper Handling of Exceptional Conditions

The software does not handle or incorrectly handles an exceptional condition.

Improper Neutralization

The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from...

Improper Validation of Integrity Check Value

The software does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been...

Missing Support for Integrity Check

The software uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.

Reliance on Cookies without Validation and Integrity Checking

The application relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid fo...

Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking

The software uses obfuscation or encryption of inputs that should not be mutable by an external actor, but the software does not use integrity checks to detect if thos...

Unchecked Error Condition

[PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed.

Concepts

Architectural Concepts

This view organizes weaknesses according to common architectural security tactics. It is intended to assist architects in identifying potential mistakes that can be ma...

See Also

  1. A Catalog of Security Architecture Weaknesses.

    2017 IEEE International Conference on Software Architecture (ICSA)

  2. Understanding Software Vulnerabilities Related to Architectural Security Tactics: An Empirical Investigation of Chromium, PHP and Thunderbird.

    2017 IEEE International Conference on Software Architecture (ICSA)


Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.