CWE
Home > CWE List > CWE-347 Individual Dictionary Definition (Draft 9)   View the CWE List

CWE-347 Individual Dictionary Definition (Draft 9)

Improperly Verified Signature
Weakness ID
Status: Draft

347 (Weakness Base)

Description

Summary

The software does not verify, or improperly verifies, the cryptographic signature for data.

Observed Examples
ReferenceDescription
CVE-2002-1796Does not properly verify signatures for "trusted" entities.
CVE-2005-2181Insufficient verification allows spoofing.
CVE-2005-2182Insufficient verification allows spoofing.
CVE-2002-1706Accepts a configuration file without a Message Integrity Check (MIC) signature.
Relationships
NatureTypeIDName
ChildOfWeakness ClassWeakness ClassWeakness Class345Insufficient Verification of Data Authenticity
Source Taxonomies

PLOVER - Improperly Verified Signature

Applicable Platforms

All

Page Last Updated: April 22, 2008