CWE-924

Improper Enforcement of Message Integrity During Transmission in a Communication Channel

Base

Incomplete

Description

The product establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission.

Attackers might be able to modify the message and spoof the endpoint by interfering with the data as it crosses the network or by redirecting the connection to a system under their control.

Parent Weaknesses (ChildOf)

CWE-345: Insufficient Verification of D...

Common Consequences

Scope

Integrity

Confidentiality

Impact

Gain Privileges or Assume Identity

Applicable Platforms

Not Language-Specific

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CWE-924

Improper Enforcement of Message Integrity During Transmission in a Communication Channel

Description

Relationships

Common Consequences

Applicable Platforms