[Forgot Password]
Login  Register Subscribe

23631

 
 

115083

 
 

97147

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CWE
view XML

Insufficient Verification of Data Authenticity

ID: 345Date: (C)2012-05-14   (M)2017-11-07
Type: weaknessStatus: DRAFT
Abstraction Type: Class





Description

The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Applicable Platforms
Language Class: All

Time Of Introduction

  • Architecture and Design
  • Implementation

Related Attack Patterns

Common Consequences

ScopeTechnical ImpactNotes
Integrity
Other
 
Varies by context
Unexpected state
 
 

Detection Methods
None

Potential Mitigations
None

Relationships
"origin validation" could fall under this.

Related CWETypeViewChain
CWE-345 ChildOf CWE-898 Category CWE-888  

Demonstrative Examples
None

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

TaxynomyIdNameFit
PLOVER  Insufficient Verification of Data
 
 
OWASP Top Ten 2004 A3
 
Broken Authentication and Session Management
 
CWE_More_Specific
 
WASC 12
 
Content Spoofing
 
 

References:

  1. Michael Howard David LeBlanc John Viega .24 Deadly Sins of Software Security. McGraw-Hill. Section:'"Sin 15: Not Updating Easily." Page 231'. Published on 2010.

© 2013 SecPod Technologies