CWE

Trust Boundary Violation

ID: 501		Date: (C)2012-05-14   (M)2022-10-10
Type: weakness		Status: DRAFT
Abstraction Type: Base

Description

The product mixes trusted and untrusted data in the same data structure or structured message.

Extended Description

By combining trusted and untrusted data in the same data structure, it becomes easier for programmers to mistakenly trust unvalidated data.

Applicable Platforms
Language Class: All

Time Of Introduction

• Architecture and Design

Common Consequences

Scope	Technical Impact	Notes
Access_Control	Bypass protection mechanism

Detection Methods
None

Potential Mitigations
None

Relationships

Related CWE	Type	View	Chain
CWE-501 ChildOf CWE-895	Category	CWE-888

Demonstrative Examples   (Details)

1. The following code accepts an HTTP request and stores the username parameter in the HTTP session object before checking to ensure that the user has been authenticated.

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

Taxynomy	Id	Name	Fit
7 Pernicious Kingdoms		Trust Boundary Violation

References:
None