Description
The software does not verify, or incorrectly verifies, the cryptographic signature for data.
Modes of Introduction:
– Architecture and Design
Related Weaknesses
Consequences
Access Control, Integrity, Confidentiality: Gain Privileges or Assume Identity, Modify Application Data, Execute Unauthorized Code or Commands
An attacker could gain access to sensitive data and possibly execute unauthorized code.
Potential Mitigations
CVE References
- CVE-2002-1796: Does not properly verify signatures for “trusted” entities.
- CVE-2005-2181: Insufficient verification allows spoofing.
- CVE-2005-2182: Insufficient verification allows spoofing.
- CVE-2002-1706: Accepts a configuration file without a Message Integrity Check (MIC) signature.
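The description and the last entry above (a configuration file accepted without a MIC) come down to the same defect: verification that is skipped when the signature is absent. The following is an added example, not code from any of the listed products. It assumes HMAC-SHA256 as the integrity check and a JSON configuration; the key, function names and sample data are constructed for illustration.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo key (assumption); real keys come from protected storage.
MIC_KEY = b"constructed-demo-key"

# Constructed sample inputs: the original config and a modified copy.
GOOD = b'{"update_url": "https://updates.example.invalid", "debug": false}'
TAMPERED = b'{"update_url": "https://updates.example.invalid", "debug": true}'


class IntegrityError(Exception):
    """Raised when a configuration blob fails its integrity check."""


def sign_config(body: bytes, key: bytes = MIC_KEY) -> str:
    """Return the hex HMAC-SHA256 tag used as the MIC in this example."""
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def load_config_weak(body: bytes, mic: Optional[str]) -> dict:
    """Flawed loader: the check runs only if a MIC is present,
    so a file with the MIC removed is accepted unverified."""
    if mic is not None and mic != sign_config(body):
        raise IntegrityError("MIC mismatch")
    return json.loads(body)


def load_config_strict(body: bytes, mic: Optional[str]) -> dict:
    """Fail-closed loader: a missing or wrong MIC rejects the file
    before any of its content is parsed or acted on."""
    if not mic:
        raise IntegrityError("MIC missing")
    expected = sign_config(body).encode()
    # Constant-time comparison; bytes operands tolerate non-ASCII input.
    if not hmac.compare_digest(expected, mic.strip().lower().encode()):
        raise IntegrityError("MIC mismatch")
    return json.loads(body)


def is_rejected(body: bytes, mic: Optional[str]) -> bool:
    """Helper for the demo: True if the strict loader refuses the input."""
    try:
        load_config_strict(body, mic)
        return False
    except IntegrityError:
        return True
```

The strict loader verifies the raw bytes before `json.loads` runs, so unauthenticated content never reaches the parser.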