[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247768

 
 

909

 
 

194555

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CWE
view XML

Insufficient Verification of Data Authenticity

ID: 345Date: (C)2012-05-14   (M)2022-10-10
Type: weaknessStatus: DRAFT
Abstraction Type: Class





Description

The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Applicable Platforms
Language Class: All

Time Of Introduction

  • Architecture and Design
  • Implementation

Related Attack Patterns

Common Consequences

ScopeTechnical ImpactNotes
Integrity
Other
 		Varies by context
Unexpected state
 		 

Detection Methods
None

Potential Mitigations
None

Relationships
"origin validation" could fall under this.

Related CWETypeViewChain
CWE-345 ChildOf CWE-898 Category CWE-888  

Demonstrative Examples
None

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

TaxynomyIdNameFit
PLOVER  Insufficient Verification of Data
 		 
OWASP Top Ten 2004 A3
 		Broken Authentication and Session Management
 		CWE_More_Specific
 
WASC 12
 		Content Spoofing
 		 

References:

  1. Michael Howard David LeBlanc John Viega .24 Deadly Sins of Software Security. McGraw-Hill. Section:'"Sin 15: Not Updating Easily." Page 231'. Published on 2010.
CVE    180
CVE-2016-1000004
CVE-2016-1493
CVE-2016-2309
CVE-2016-2346
...

© SecPod Technologies