Read Time:33 Second
Description
The software, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.
Modes of Introduction:
– Architecture and Design
Related Weaknesses
Consequences
Access Control, Integrity: Bypass Protection Mechanism, Modify Application Data
An attacker could package untrusted data with trusted data to bypass protection mechanisms to gain access to and possibly modify sensitive data.
Potential Mitigations
CVE References
- CVE-2002-0018
- Does not verify that trusted entity is authoritative for all entities in its response.
- CVE-2006-5462
- use of extra data in a signature allows certificate signature forging