CWE-924 通信信道中传输过程中消息完整性的不正确执行

  • A+
所属分类:CWE(弱点枚举)

CWE-924 通信信道中传输过程中消息完整性的不正确执行

Improper Enforcement of Message Integrity During Transmission in a Communication Channel

结构: Simple

Abstraction: Base

状态: Incomplete

被利用可能性: unkown

基本描述

The software establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission.

扩展描述

A man-in-the-middle (MITM) attacker might be able to modify the message and spoof the endpoint.

相关缺陷

  • cwe_Nature: ChildOf cwe_CWE_ID: 345 cwe_View_ID: 1000 cwe_Ordinal: Primary

  • cwe_Nature: ChildOf cwe_CWE_ID: 345 cwe_View_ID: 1003 cwe_Ordinal: Primary

  • cwe_Nature: ChildOf cwe_CWE_ID: 345 cwe_View_ID: 699 cwe_Ordinal: Primary

适用平台

Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}

常见的影响

范围 影响 注释
['Integrity', 'Confidentiality'] Gain Privileges or Assume Identity If an attackers can spoof the endpoint, the attacker gains all the privileges that were intended for the original endpoint.

Notes

文章来源于互联网:scap中文网

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: