Data Integrity Issues
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are related to a software system's data integrity components. Frequently, these deal with the ability to ensure the integrity of data such as messages, resource files, deployment files, and configuration files. If they are not addressed, the weaknesses in this category could degrade the quality of data integrity.
The product, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.
The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.
The product establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was no...
The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been ...
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
The product does not properly distinguish between different types of elements in a way that leads to insecure behavior.
The product performs a key exchange with an actor without verifying the identity of that actor.
The product uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.
The product does not properly verify that the source of data or communication is valid.
The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for th...
The product uses obfuscation or encryption of inputs that should not be mutable by an external actor, but the product does not use integrity checks to detect if those ...
The product has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resis...
This view organizes weaknesses around concepts that are frequently used or encountered in software development. This includes all aspects of the software development l...