CWE-345: Insufficient Verification of Data Authenticity
Description
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Submission Date: July 19, 2006, midnight
Modification Date: 2023-06-29 00:00:00+00:00
Organization: MITRE
Example - 1
In 2022, the OT:ICEFALL study examined products by 10 different Operational Technology (OT) vendors. The researchers reported 56 vulnerabilities and said that the products were "insecure by design" [REF-1283]. If exploited, these vulnerabilities often allowed adversaries to change how the products operated, ranging from denial of service to changing the code that the products executed. Since these products were often used in industries such as power, electrical, water, and others, there could even be safety implications. Multiple vendors did not sign firmware images.
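An added example (not part of the CWE entry or any vendor's code) contrasting an update check that only verifies an unkeyed checksum with one that verifies a keyed tag. The image layout, function names and key are assumptions, and HMAC with a shared key stands in for the asymmetric firmware signature a vendor would normally use.

```python
import hashlib
import hmac

# Constructed demo key; a real device would hold a vendor public key
# and verify an asymmetric signature instead of a shared-secret MAC.
DEVICE_KEY = b"constructed-demo-key-not-for-production"
DIGEST_LEN = hashlib.sha256().digest_size  # 32-byte trailer


def package_checksum_only(payload: bytes) -> bytes:
    """Hypothetical image format: payload || SHA-256(payload)."""
    return payload + hashlib.sha256(payload).digest()


def package_authenticated(payload: bytes, key: bytes) -> bytes:
    """Hypothetical image format: payload || HMAC-SHA-256(key, payload)."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def accept_checksum_only(image: bytes) -> bool:
    """Weak check: detects corruption, says nothing about origin."""
    if len(image) <= DIGEST_LEN:
        return False
    payload, trailer = image[:-DIGEST_LEN], image[-DIGEST_LEN:]
    return hmac.compare_digest(hashlib.sha256(payload).digest(), trailer)


def accept_authenticated(image: bytes, key: bytes) -> bool:
    """Stronger check: the trailer can only be produced by a key holder."""
    if len(image) <= DIGEST_LEN:
        return False
    payload, tag = image[:-DIGEST_LEN], image[-DIGEST_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    vendor = b"FW v1.0 (constructed vendor payload)"
    other = b"FW v1.0 (constructed payload from another party)"
    return {
        "checksum_accepts_vendor": accept_checksum_only(package_checksum_only(vendor)),
        # Anyone can compute an unkeyed digest, so this image is accepted too.
        "checksum_accepts_other": accept_checksum_only(package_checksum_only(other)),
        "mac_accepts_vendor": accept_authenticated(package_authenticated(vendor, DEVICE_KEY), DEVICE_KEY),
        # Without the key only a plain digest can be appended: rejected.
        "mac_accepts_other": accept_authenticated(package_checksum_only(other), DEVICE_KEY),
        "mac_accepts_truncated": accept_authenticated(b"short", DEVICE_KEY),
    }
```

The checksum-only path accepts both images because the trailer proves integrity, not origin; the keyed path accepts only the image whose tag was produced with the device's key.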
Related Weaknesses
This table shows the weaknesses and high-level categories that are related to this weakness. These relationships are defined to give insight into similar items that may exist at higher and lower levels of abstraction.
CWE-20: Improper Input Validation
CWE-346: Origin Validation Error
CWE-347: Improper Verification of Cryptographic Signature
CWE-348: Use of Less Trusted Source
CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data
CWE-351: Insufficient Type Distinction
CWE-352: Cross-Site Request Forgery (CSRF)
CWE-353: Missing Support for Integrity Check
CWE-354: Improper Validation of Integrity Check Value
CWE-358: Improperly Implemented Security Check for Standard
CWE-360: Trust of System Event Data
CWE-494: Download of Code Without Integrity Check
CWE-616: Incomplete Identification of Uploaded File Variables (PHP)
CWE-646: Reliance on File Name or Extension of Externally-Supplied File
CWE-649: Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking
CWE-693: Protection Mechanism Failure
CWE-708: Incorrect Ownership Assignment
CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel
CWE-1293: Missing Source Correlation of Multiple Independent Data
CWE-1304: Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation
Visit http://cwe.mitre.org/ for more details.