CWE-694

Use of Multiple Resources with Duplicate Identifier

Base

Incomplete

Description

The product uses multiple resources that can have the same identifier, in a context in which unique identifiers are required.

If the product assumes that each resource has a unique identifier, the product could operate on the wrong resource if attackers can cause multiple resources to be associated with the same identifier.

Parent Weaknesses (ChildOf)

CWE-573: Improper Following of Specific...

CWE-99: Improper Control of Resource I...

Common Consequences

Scope

Access Control

Impact

Bypass Protection Mechanism

Scope

Other

Impact

Quality Degradation

Potential Mitigations

Architecture and Design

Where possible, use unique identifiers. If non-unique identifiers are detected, then do not operate any resource with a non-unique identifier and report the error appropriately.

CVE-2013-4787

chain: mobile OS verifies cryptographic signature of file in an archive, but then installs a different file with the same name that is also listed in the archive.

Applicable Platforms

Not Language-Specific

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now