Improper Enforcement of Message Integrity During Transmission in a Communication Channel

The product establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission.

  • Source

    CWE Catalog - 4.14

  • Identifier

    CWE-924

  • Status

    Incomplete

Contents

Description

Attackers might be able to modify the message and spoof the endpoint by interfering with the data as it crosses the network or by redirecting the connection to a system under their control.

See Also

Comprehensive Categorization: Insufficient Verification of Data Authenticity

Weaknesses in this category are related to insufficient verification of data authenticity.

Data Integrity Issues

Weaknesses in this category are related to a software system's data integrity components. Frequently these deal with the ability to ensure the integrity of data, such ...

Verify Message Integrity

Weaknesses in this category are related to the design and architecture of a system's data integrity components. Frequently these deal with ensuring integrity of data, ...

Comprehensive CWE Dictionary

This view (slice) covers all the elements in CWE.

Entries with Maintenance Notes

CWE entries in this view have maintenance notes. Maintenance notes are an indicator that an entry might change significantly in future versions. This view was created...

Weaknesses Introduced During Design

This view (slice) lists weaknesses that can be introduced during design.

Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.