Communication Channel Errors
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are related to improper handling of communication channels and access paths. These weaknesses include problems in creating, managing, or removing alternate channels and alternate paths. Some of these can overlap virtual file problems and are commonly used in "bypass" attacks, such as those that exploit authentication errors.
A covert storage channel transfers information through the setting of bits by one program and the reading of those bits by another. What distinguishes this case from t...
Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system beha...
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.
The software establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was n...
The software establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is...
The software creates a communication channel to initiate an outgoing request to an actor, but it does not correctly specify the intended destination for that actor.
The software performs a key exchange with an actor without verifying the identity of that actor.
The software does not properly verify that the source of data or communication is valid.
The software protects a primary channel, but it does not use the same level of protection for an alternate channel.
The software uses a primary channel for administration or restricted functionality, but it does not properly protect the channel.
This view organizes weaknesses around concepts that are frequently used or encountered in software development. This includes all aspects of the software development l...