Comprehensive Categorization: Insufficient Verification of Data Authenticity
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Summary
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are related to insufficient verification of data authenticity.
Weaknesses
The product, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the...
The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.
The product establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was no...
The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been ...
The PHP application uses an old method for processing uploaded files by referencing the four global variables that are set for each file (e.g. $varname, $varname_size,...
The product does not properly distinguish between different types of elements in a way that leads to insecure behavior.
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
The product uses a WebSocket, but it does not properly verify that the source of data or communication is valid.
The product relies on one source of data, preventing the ability to detect if an adversary has compromised a data source.
The product uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.
The product does not properly verify that the source of data or communication is valid.
The product allows a file to be uploaded, but it relies on the file name or extension of the file to determine the appropriate behaviors. This could be used by attacke...
The product uses obfuscation or encryption of inputs that should not be mutable by an external actor, but the product does not use integrity checks to detect if those ...
Security based on event locations are insecure and can be spoofed.
The product has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resis...
Concepts
This view organizes weaknesses around categories that are of interest to large-scale software assurance research to support the elimination of weaknesses using ta...
See Also
Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.