CWE-923: Improper Restriction of Communication Channel to Intended Endpoints

Description

The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.

Submission Date :

June 23, 2013, midnight

Modification Date :

2023-10-26 00:00:00+00:00

Organization :

MITRE
Extended Description

Attackers might be able to spoof the intended endpoint from a different system or process, thus gaining the same level of access as the intended endpoint.

While this issue frequently involves authentication between network-based clients and servers, other types of communication channels and endpoints can have this weakness.

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

CWE-284: Improper Access Control
Go to
CWE-291: Reliance on IP Address for Authentication
Go to
CWE-297: Improper Validation of Certificate with Host Mismatch
Go to
CWE-300: Channel Accessible by Non-Endpoint
Go to
CWE-322: Key Exchange without Entity Authentication
Go to
CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action
Go to
CWE-419: Unprotected Primary Channel
Go to
CWE-420: Unprotected Alternate Channel
Go to
CWE-940: Improper Verification of Source of a Communication Channel
Go to
CWE-941: Incorrectly Specified Destination in a Communication Channel
Go to
CWE-942: Permissive Cross-domain Policy with Untrusted Domains
Go to
CWE-1275: Sensitive Cookie with Improper SameSite Attribute
Go to

Visit http://cwe.mitre.org/ for more details.