CWE-420 – Unprotected Alternate Channel

Description

The software protects a primary channel, but it does not use the same level of protection for an alternate channel.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-923

Consequences

Access Control: Gain Privileges or Assume Identity, Bypass Protection Mechanism

Potential Mitigations

Phase: Architecture and Design

Description: Identify all alternate channels and use the same protection mechanisms that are used for the primary channels.

CVE References

  • CVE-2002-0567
    • DB server assumes that local clients have performed authentication, allowing attacker to directly connect to a process to load libraries and execute commands; a socket interface also exists (another alternate channel), so attack can be remote.
  • CVE-2002-1578
    • Product does not restrict access to underlying database, so attacker can bypass restrictions by directly querying the database.
  • CVE-2003-1035
    • User can avoid lockouts by using an API instead of the GUI to conduct brute force password guessing.
  • CVE-2002-1863
    • FTP service cannot be disabled even when other access controls would require it.
  • CVE-2002-0066
    • Windows named pipe created without authentication/access control, allowing configuration modification.
  • CVE-2004-1461
    • Router management interface spawns a separate TCP connection after authentication, allowing hijacking by attacker coming from the same IP address.
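
The lockout bypass described in the CVE-2003-1035 entry, next to the mitigation of giving the alternate channel the same protection as the primary one, as an added example (not code from the CWE entry or from any affected product). The names AuthService, gui_login, api_login_weak and api_login_fixed and the threshold of three failures are assumptions made for illustration.

```python
# Added illustration; all names and the lockout threshold are hypothetical.
import hashlib
import hmac
import os

MAX_FAILURES = 3  # assumed lockout threshold


class AuthService:
    """Single enforcement point that every channel should go through."""

    def __init__(self):
        self._users = {}     # username -> (salt, derived key)
        self._failures = {}  # username -> consecutive failed attempts

    @staticmethod
    def _derive(password, salt):
        # Iteration count kept low so the example runs quickly.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

    def add_user(self, name, password):
        salt = os.urandom(16)
        self._users[name] = (salt, self._derive(password, salt))

    def check_password(self, name, password):
        """Raw credential check without lockout; not safe to expose directly."""
        salt, key = self._users.get(name, (b"\0" * 16, b""))
        return hmac.compare_digest(key, self._derive(password, salt))

    def login(self, name, password):
        """Credential check plus lockout, identical for every channel."""
        if self._failures.get(name, 0) >= MAX_FAILURES:
            return "locked"
        if self.check_password(name, password):
            self._failures[name] = 0
            return "ok"
        self._failures[name] = self._failures.get(name, 0) + 1
        return "denied"


def gui_login(svc, name, password):
    return svc.login(name, password)  # primary channel: protected


def api_login_weak(svc, name, password):
    # Alternate channel that skips the lockout: the CWE-420 pattern.
    return "ok" if svc.check_password(name, password) else "denied"


def api_login_fixed(svc, name, password):
    return svc.login(name, password)  # same mechanism as the GUI
```
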