CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE Individual Dictionary Definition (2.10)
CWE-694: Use of Multiple Resources with Duplicate Identifier

Weakness ID: 694
Abstraction: Base
Status: Incomplete
+ Description

Description Summary

The software uses multiple resources that can have the same identifier, in a context in which unique identifiers are required.

Extended Description

If the software assumes that each resource has a unique identifier, the software could operate on the wrong resource if attackers can cause multiple resources to be associated with the same identifier.

+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Applicable Platforms

Languages

Language-independent

+ Common Consequences
Scope: Access Control
Technical Impact: Bypass protection mechanism

If unique identifiers are assumed when protecting sensitive resources, then duplicate identifiers might allow attackers to bypass the protection.

Scope: Other
Technical Impact: Quality degradation

+ Observed Examples
Reference, Description
chain: mobile OS verifies cryptographic signature of file in an archive, but then installs a different file with the same name that is also listed in the archive.
+ Potential Mitigations

Phase: Architecture and Design

Where possible, use unique identifiers. If non-unique identifiers are detected, then do not operate on any resource with a non-unique identifier, and report the error appropriately.
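The following is an added example, not part of the CWE entry. It illustrates the archive pattern from the observed example (two entries listed under one name) and the mitigation above: detect the duplicate, refuse to operate, and report the error. The function names, entry names and sample archive are constructed for illustration.

```python
import io
import warnings
import zipfile
from collections import Counter


class DuplicateEntryError(ValueError):
    """Raised when an archive lists the same entry name more than once."""


def build_archive(entries):
    """Build an in-memory ZIP from (name, data) pairs; the format permits repeated names."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", UserWarning)  # zipfile only warns on duplicates
        with zipfile.ZipFile(buf, "w") as zf:
            for name, data in entries:
                zf.writestr(name, data)
    return buf.getvalue()


def two_views(archive_bytes, name):
    """Resolve `name` two ways: first match in listing order vs. by-name lookup (last wins)."""
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        first = next(i for i in zf.infolist() if i.filename == name)
        return zf.read(first), zf.read(name)


def duplicate_names(zf):
    """Return the sorted entry names that occur more than once in the archive listing."""
    counts = Counter(info.filename for info in zf.infolist())
    return sorted(n for n, c in counts.items() if c > 1)


def read_unique_entry(archive_bytes, name):
    """Mitigation: reject the whole archive if any name is duplicated, then read `name`."""
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        dups = duplicate_names(zf)
        if dups:
            raise DuplicateEntryError(f"refusing archive, duplicate names: {dups}")
        return zf.read(name)


# Constructed sample input: one name is listed twice with different content.
SAMPLE = build_archive([
    ("app/payload.bin", b"first-copy"),
    ("app/payload.bin", b"second-copy"),
    ("README", b"docs"),
])
```

`two_views` shows why a component that checks one copy and a component that uses the other can disagree about the same identifier; `read_unique_entry` removes the ambiguity by rejecting the archive before either copy is used.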

+ Relationships
Nature, Type, ID, Name (each followed by the view(s) this relationship pertains to)
ChildOf, Weakness Base, 99, Improper Control of Resource Identifiers ('Resource Injection')
  • Development Concepts (primary) 699
  • Research Concepts (primary) 1000
  • Weaknesses for Simplified Mapping of Published Vulnerabilities (primary) 1003
ChildOf, Weakness Class, 573, Improper Following of Specification by Caller
  • Development Concepts 699
  • Research Concepts 1000
ChildOf, Category, 984, SFP Secondary Cluster: Life Cycle
  • Software Fault Pattern (SFP) Clusters (primary) 888
ParentOf, Weakness Variant, 102, Struts: Duplicate Validation Forms
  • Research Concepts (primary) 1000
ParentOf, Weakness Base, 462, Duplicate Key in Associative List (Alist)
  • Research Concepts (primary) 1000
+ Relationship Notes

This weakness is probably closely associated with other issues related to doubling, such as CWE-675 (Duplicate Operations on Resource). It's often a case of an API contract violation (CWE-227).

+ Relevant Properties
  • Uniqueness
+ Content History
Modifications
Modification Date, Modifier, Organization, Source
2008-07-01, Eric Dalci, Cigital, External
  • updated Potential_Mitigations, Time_of_Introduction
2011-06-01, CWE Content Team, MITRE, Internal
  • updated Common_Consequences
2011-06-27, CWE Content Team, MITRE, Internal
  • updated Common_Consequences
2012-05-11, CWE Content Team, MITRE, Internal
  • updated Relationships
2012-10-30, CWE Content Team, MITRE, Internal
  • updated Potential_Mitigations
2013-07-17, CWE Content Team, MITRE, Internal
  • updated Applicable_Platforms, Common_Consequences, Description, Observed_Examples, Other_Notes, Potential_Mitigations, Relationship_Notes, Relationships
2014-07-30, CWE Content Team, MITRE, Internal
  • updated Relationships
2015-12-07, CWE Content Team, MITRE, Internal
  • updated Relationships

Page Last Updated: January 18, 2017