Data Integrity Issues
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are related to a software system's data integrity components. Frequently these deal with the ability to ensure the integrity of data, such as messages, resource files, deployment files, and configuration files. The weaknesses in this category could lead to a degradation of data integrity quality if they are not addressed.
The software, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.
The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.
The software establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was n...
The software does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been...
The software does not verify, or incorrectly verifies, the cryptographic signature for data.
The software imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
The software does not properly distinguish between different types of elements in a way that leads to insecure behavior.
The software performs a key exchange with an actor without verifying the identity of that actor.
The software uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.
The software does not properly verify that the source of data or communication is valid.
The application relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid fo...
The software uses obfuscation or encryption of inputs that should not be mutable by an external actor, but the software does not use integrity checks to detect if thos...
The software has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resi...
This view organizes weaknesses around concepts that are frequently used or encountered in software development. This includes all aspects of the software development l...