CWE-694 – Use of Multiple Resources with Duplicate Identifier


Description

The software uses multiple resources that can have the same identifier, in a context in which unique identifiers are required.

If the software assumes that each resource has a unique identifier, the software could operate on the wrong resource if attackers can cause multiple resources to be associated with the same identifier.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit:

 

Related Weaknesses

CWE-99
CWE-573

 

Consequences

Access Control: Bypass Protection Mechanism

If unique identifiers are assumed when protecting sensitive resources, then duplicate identifiers might allow attackers to bypass the protection.

Other: Quality Degradation

 

Potential Mitigations

Phase: Architecture and Design

Effectiveness:

Description: 

Where possible, use unique identifiers. If non-unique identifiers are detected, then do not operate any resource with a non-unique identifier and report the error appropriately.

CVE References

 

  • CVE-2013-4787
    • chain: mobile OS verifies cryptographic signature of file in an archive, but then installs a different file with the same name that is also listed in the archive.
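An added example (not part of the CWE entry or of any vendor's code) that applies the mitigation above to the archive case described under CVE-2013-4787: it rejects a ZIP archive outright when any entry name appears more than once, instead of verifying one entry and using another. The function names, the exception class and the sample archives are hypothetical and constructed for illustration.

```python
import io
import warnings
import zipfile
from collections import Counter


class DuplicateEntryError(ValueError):
    """Raised when an archive lists the same entry name more than once."""


def duplicate_names(zf: zipfile.ZipFile) -> list[str]:
    # infolist() returns every central-directory record, duplicates included;
    # getinfo(name) and read(name) resolve a name to only one of them.
    counts = Counter(info.filename for info in zf.infolist())
    return sorted(name for name, n in counts.items() if n > 1)


def read_verified_entries(data: bytes) -> dict[str, bytes]:
    """Return {name: content} only if every entry name is unique."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        dups = duplicate_names(zf)
        if dups:
            # Mitigation from the page: operate on nothing, report the error.
            raise DuplicateEntryError(f"duplicate entry names: {dups}")
        # Read by ZipInfo so each record is addressed directly, not by name.
        return {info.filename: zf.read(info) for info in zf.infolist()}


def build_sample(entries: list[tuple[str, bytes]]) -> bytes:
    """Constructed sample input: an in-memory ZIP with the given entries."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        # zipfile emits a UserWarning when a duplicate name is written.
        warnings.simplefilter("ignore", UserWarning)
        with zipfile.ZipFile(buf, "w") as zf:
            for name, content in entries:
                zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    ok = build_sample([("manifest.txt", b"v1"), ("app.bin", b"signed")])
    bad = build_sample([("app.bin", b"signed"), ("app.bin", b"other")])
    print(read_verified_entries(ok))
    try:
        read_verified_entries(bad)
    except DuplicateEntryError as exc:
        print("rejected:", exc)
```

The uniqueness check runs before any entry is read or verified, so every later step (signature verification, extraction, installation) sees exactly one resource per identifier.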