Communication Channel Errors
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are related to improper handling of communication channels and access paths. These weaknesses include problems in creating, managing, or removing alternate channels and alternate paths. Some of these can overlap virtual file problems and are commonly used in "bypass" attacks, such as those that exploit authentication errors.
The product assigns the address 0.0.0.0 for a database server, a cloud service/instance, or any computing resource that communicates remotely.
A covert storage channel transfers information through the setting of bits by one program and the reading of those bits by another. What distinguishes this case from t...
Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system beha...
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.
The product establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was no...
The product establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is ...
The product creates a communication channel to initiate an outgoing request to an actor, but it does not correctly specify the intended destination for that actor.
The product performs a key exchange with an actor without verifying the identity of that actor.
The product does not properly verify that the source of data or communication is valid.
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the reques...
The product protects a primary channel, but it does not use the same level of protection for an alternate channel.
The product uses a primary channel for administration or restricted functionality, but it does not properly protect the channel.
This view organizes weaknesses around concepts that are frequently used or encountered in software development. This includes all aspects of the software development l...