CWE-694: Use of Multiple Resources with Duplicate Identifier
CWE Version: 4.18
Last Updated: 2025-09-09
Weakness Description
The product uses multiple resources that can have the same identifier, in a context in which unique identifiers are required.
Extended Description
If the product assumes that each resource has a unique identifier, the product could operate on the wrong resource if attackers can cause multiple resources to be associated with the same identifier.
Common Consequences
Scope: Access Control
Technical Impact: Bypass Protection Mechanism
Note: If unique identifiers are assumed when protecting sensitive resources, then duplicate identifiers might allow attackers to bypass the protection.
Scope: Other
Technical Impact: Quality Degradation
Potential Mitigations
Phase: Architecture and Design
Description: Where possible, use unique identifiers. If non-unique identifiers are detected, then do not operate on any resource with a non-unique identifier and report the error appropriately.
Observed Examples
Reference: CVE-2013-4787
chain: mobile OS verifies cryptographic signature of file in an archive, but then installs a different file with the same name that is also listed in the archive.
Modes of Introduction
| Phase | Note |
|---|---|
| Architecture and Design | - |
| Implementation | - |