CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The product establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission.
扩展描述
Attackers might be able to modify the message and spoof the endpoint by interfering with the data as it crosses the network or by redirecting the connection to a system under their control.
常见后果
影响范围: Integrity Confidentiality
技术影响: Gain Privileges or Assume Identity
说明: If an attackers can spoof the endpoint, the attacker gains all the privileges that were intended for the original endpoint.
引入模式
| 阶段 | 说明 |
|---|---|
| Architecture and Design | REALIZATION: This weakness is caused during implementation of an architectural security tactic. |