Description

The software does not verify, or incorrectly verifies, the cryptographic signature for data.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-345

Consequences

Access Control, Integrity, Confidentiality: Gain Privileges or Assume Identity, Modify Application Data, Execute Unauthorized Code or Commands

An attacker could gain access to sensitive data and possibly execute unauthorized code.

Potential Mitigations

CVE References

  • CVE-2002-1796
    • Does not properly verify signatures for “trusted” entities.
  • CVE-2002-1706
    • Accepts a configuration file without a Message Integrity Check (MIC) signature.
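
The pattern in the last entry above (a configuration file accepted without a MIC), shown next to a loader that fails closed. This is an added example, not code from this page or from the affected products. The file format (a JSON body with a `#mic=` trailer), the use of HMAC-SHA256 as the MIC, the key and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json

TRAILER = b"\n#mic="  # constructed format: JSON body, then "#mic=<hex HMAC-SHA256>"


class SignatureError(Exception):
    """Raised when the MIC is missing or does not match the body."""


def _mic(body: bytes, key: bytes) -> bytes:
    return hmac.new(key, body, hashlib.sha256).hexdigest().encode()


def sign_config(body: bytes, key: bytes) -> bytes:
    return body + TRAILER + _mic(body, key)


def load_config_weak(blob: bytes, key: bytes) -> dict:
    """Weak pattern: the MIC is checked only if the file happens to carry one."""
    body, sep, tag = blob.rpartition(TRAILER)
    if not sep:
        return json.loads(blob)  # unsigned file is accepted as-is
    if tag.strip() != _mic(body, key):  # comparison is also not constant-time
        raise SignatureError("MIC mismatch")
    return json.loads(body)


def load_config_strict(blob: bytes, key: bytes) -> dict:
    """Fail closed: a missing or wrong MIC rejects the file before it is parsed."""
    body, sep, tag = blob.rpartition(TRAILER)
    if not sep:
        raise SignatureError("MIC missing")
    if not hmac.compare_digest(tag.strip(), _mic(body, key)):
        raise SignatureError("MIC mismatch")
    return json.loads(body)


# Constructed sample inputs
KEY = b"constructed-demo-key"
SIGNED = sign_config(b'{"admin": false}', KEY)
UNSIGNED = b'{"admin": true}'                  # no trailer at all
TAMPERED = SIGNED.replace(b"false", b"true")   # body changed, old MIC kept
```

The weak loader rejects `TAMPERED` but still accepts `UNSIGNED`, so removing the trailer is enough to bypass the check. The strict loader rejects both.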