Read Time:50 Second

Description

The software uses multiple resources that can have the same identifier, in a context in which unique identifiers are required.

If the software assumes that each resource has a unique identifier, the software could operate on the wrong resource if attackers can cause multiple resources to be associated with the same identifier.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit:

 

Related Weaknesses

CWE-99
CWE-573

 

Consequences

Access Control: Bypass Protection Mechanism

If unique identifiers are assumed when protecting sensitive resources, then duplicate identifiers might allow attackers to bypass the protection.

Other: Quality Degradation

 

Potential Mitigations

Phase: Architecture and Design

Effectiveness:

Description: 

Where possible, use unique identifiers. If non-unique identifiers are detected, then do not operate any resource with a non-unique identifier and report the error appropriately.

CVE References

 

  • CVE-2013-4787
    • chain: mobile OS verifies cryptographic signature of file in an archive, but then installs a different file with the same name that is also listed in the archive.