CWE-924 Detail

CWE-924

Name

Improper Enforcement of Message Integrity During Transmission in a Communication Channel

Status

Incomplete

Published

2013-07-17
00h00 +00:00

Modified

2023-06-29
00h00 +00:00

Official links

CWE Mitre.org

Notifications for a CWE

Stay informed of any changes for a specific CWE.

Notifications manage

List of Notifications

Notifications for a CWE

Stay informed of any changes for a specific CWE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

Specify the CWE ID you wish to monitor.

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

Name: Improper Enforcement of Message Integrity During Transmission in a Communication Channel

The product establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission.

CWE Description

Attackers might be able to modify the message and spoof the endpoint by interfering with the data as it crosses the network or by redirecting the connection to a system under their control.

General Informations

Modes Of Introduction

Architecture and Design : REALIZATION: This weakness is caused during implementation of an architectural security tactic.

Applicable Platforms

Language

Class: Not Language-Specific (Undetermined)

Common Consequences

Scope	Impact	Likelihood
Integrity Confidentiality	Gain Privileges or Assume Identity Note: If an attackers can spoof the endpoint, the attacker gains all the privileges that were intended for the original endpoint.

Vulnerability Mapping Notes

Justification : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Comment : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

NotesNotes

This entry should be made more comprehensive in later CWE versions, as it is likely an important design flaw that underlies (or chains to) other weaknesses.

Submission

Name	Organization	Date	Date release	Version
CWE Content Team	MITRE	2013-06-23 +00:00	2013-07-17 +00:00	2.5

Modifications

Name	Organization	Date	Comment
CWE Content Team	MITRE	2017-11-08 +00:00	updated Modes_of_Introduction, Relationships
CWE Content Team	MITRE	2019-06-20 +00:00	updated Relationships, Type
CWE Content Team	MITRE	2020-02-24 +00:00	updated Description, Relationships
CWE Content Team	MITRE	2021-03-15 +00:00	updated Maintenance_Notes
CWE Content Team	MITRE	2023-01-31 +00:00	updated Description
CWE Content Team	MITRE	2023-04-27 +00:00	updated Relationships
CWE Content Team	MITRE	2023-06-29 +00:00	updated Mapping_Notes