Improper Enforcement of Message Integrity During Transmission in a Communication Channel

The software establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission.

  • Source

    CWE Catalog - 4.3

  • Identifier

    CWE-924

  • Status

    Incomplete

Contents

Description

Attackers might be able to modify the message and spoof the endpoint by interfering with the data as it crosses the network or by redirecting the connection to a system under their control.

See Also

Data Integrity Issues

Weaknesses in this category are related to a software system's data integrity components. Frequently these deal with the ability to ensure the integrity of data, such ...

Verify Message Integrity

Weaknesses in this category are related to the design and architecture of a system's data integrity components. Frequently these deal with ensuring integrity of data, ...

Communication Channel Errors

Weaknesses in this category are related to improper handling of communication channels and access paths. These weaknesses include problems in creating, managing, or re...

Comprehensive CWE Dictionary

This view (slice) covers all the elements in CWE.

Weaknesses without Software Fault Patterns

CWE identifiers in this view are weaknesses that do not have associated Software Fault Patterns (SFPs), as covered by the CWE-888 view. As such, they represent gaps in...

Weaknesses Introduced During Design

This view (slice) lists weaknesses that can be introduced during design.

Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.