CWE - CWE-345: Insufficient Verification of Data Authenticity (Draft 9)

Home > CWE List > CWE-345 Individual Dictionary Definition (Draft 9)

CWE-345 Individual Dictionary Definition (Draft 9)

Weakness ID

Status: Draft

345 (Weakness Class)

Description

Summary

The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Context Notes

Terminology Note: "origin validation" could fall under this.

Relationships

Nature	Type	ID	Name
ChildOf	Category	254	Security Features
ParentOf	Weakness Variant	247	Reliance on DNS Lookups in a Security Decision
CanAlsoBe	Weakness Base	283	Unverified Ownership
ParentOf	Weakness Base	297	Failure to Validate Host-specific Certificate Data
CanAlsoBe	Weakness Base	304	Missing Critical Step in Authentication
ParentOf	Weakness Base	322	Key Exchange without Entity Authentication
ParentOf	Weakness Base	346	Origin Validation Error
ParentOf	Weakness Base	347	Improperly Verified Signature
ParentOf	Weakness Base	348	Use of Less Trusted Source
ParentOf	Weakness Base	349	Acceptance of Extraneous Untrusted Data With Trusted Data
ParentOf	Weakness Base	350	Improperly Trusted Reverse DNS
ParentOf	Weakness Base	351	Insufficient Type Distinction
ParentOf	Weakness Base	353	Failure to Add Integrity Check Value
ParentOf	Weakness Base	354	Failure to Check Integrity Check Value
CanAlsoBe	Weakness Base	358	Improperly Implemented Security Check for Standard
ParentOf	Weakness Variant	646	Taking Actions based on File Name or Extension of a User Supplied File
ParentOf	Weakness Base	649	Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking
ParentOf	Compound Element: Composite	352	Cross-Site Request Forgery (CSRF)

Source Taxonomies

PLOVER - Insufficient Verification of Data

Applicable Platforms

All

Related Attack Patterns

CAPEC-ID	Attack Pattern Name
4	Using Alternative IP Address Encodings

Page Last Updated: April 22, 2008


	CWE is sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is hosted by The MITRE Corporation. Copyright 2008, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us