CWE-924 – Improper Enforcement of Message Integrity During Transmission in a Communication Channel

May 26, 2022

Read Time:34 Second

Description

The software establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission.

Attackers might be able to modify the message and spoof the endpoint by interfering with the data as it crosses the network or by redirecting the connection to a system under their control.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit:

Related Weaknesses

CWE-345
CWE-345

Consequences

Integrity, Confidentiality: Gain Privileges or Assume Identity

If an attackers can spoof the endpoint, the attacker gains all the privileges that were intended for the original endpoint.

Potential Mitigations

CVE References

InCWE- 924, Improper Enforcement of Message Integrity During Transmission in a Communication Channel

The Most Dangerous Vulnerabilities in Apache Tomcat and How to Protect Against Them

Apache Tomcat is an open-source web server and servlet container that is widely used in enterprise environments to run Java...

rocco

February 19, 2023February 19, 2023

ZDI-CAN-18333: A Critical Zero-Day Vulnerability in Microsoft Windows

Zero-day vulnerabilities are a serious threat to cybersecurity, as they can be exploited by malicious actors to gain unauthorized access...

rocco

February 19, 2023February 19, 2023

CWE-669 – Incorrect Resource Transfer Between Spheres

Description The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere,...

rocco

May 26, 2022