{"@ID": "923", "@Name": "Improper Restriction of Communication Channel to Intended Endpoints", "@Abstraction": "Class", "@Structure": "Simple", "@Status": "Incomplete", "Description": "The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.", "Extended_Description": {"xhtml:p": ["Attackers might be able to spoof the intended endpoint from a different system or process, thus gaining the same level of access as the intended endpoint.", "While this issue frequently involves authentication between network-based clients and servers, other types of communication channels and endpoints can have this weakness."]}, "Related_Weaknesses": {"Related_Weakness": {"@Nature": "ChildOf", "@CWE_ID": "284", "@View_ID": "1000", "@Ordinal": "Primary"}}, "Weakness_Ordinalities": {"Weakness_Ordinality": [{"Ordinality": "Primary"}, {"Ordinality": "Resultant"}]}, "Applicable_Platforms": {"Language": {"@Class": "Not Language-Specific", "@Prevalence": "Undetermined"}, "Technology": [{"@Class": "Not Technology-Specific", "@Prevalence": "Undetermined"}, {"@Class": "Web Based", "@Prevalence": "Undetermined"}, {"@Name": "Web Server", "@Prevalence": "Undetermined"}]}, "Modes_Of_Introduction": {"Introduction": {"Phase": "Architecture and Design", "Note": "REALIZATION: This weakness is caused during implementation of an architectural security tactic."}}, "Common_Consequences": {"Consequence": {"Scope": ["Integrity", "Confidentiality"], "Impact": "Gain Privileges or Assume Identity", "Note": "If an attacker can spoof the endpoint, the attacker gains all the privileges that were intended for the original endpoint."}}, "Detection_Methods": {"Detection_Method": {"@Detection_Method_ID": "DM-14", "Method": "Automated Static Analysis", "Description": "Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect \"sources\" (origins of input) with \"sinks\" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)", "Effectiveness": "High"}}, "Demonstrative_Examples": {"Demonstrative_Example": [{"@Demonstrative_Example_ID": "DX-208", "Intro_Text": "These cross-domain policy files mean to allow Flash and Silverlight applications hosted on other domains to access its data:", "Body_Text": ["Flash crossdomain.xml :", "Silverlight clientaccesspolicy.xml :", "These entries are far too permissive, allowing any Flash or Silverlight application to send requests. A malicious application hosted on any other web site will be able to send requests on behalf of any user tricked into executing it."], "Example_Code": [{"@Nature": "Bad", "@Language": "XML", "xhtml:div": {"xhtml:br": [null, null, null, null], "#text": "<cross-domain-policy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"xsi:noNamespaceSchemaLocation=\"http://www.adobe.com/xml/schemas/PolicyFile.xsd\"><allow-access-from domain=\"*.example.com\"/><allow-access-from domain=\"*\"/></cross-domain-policy>"}}, {"@Nature": "Bad", "@Language": "XML", "xhtml:div": {"xhtml:br": [null, null, null, null, null, null, null, null, null, null, null, null], "#text": "<?xml version=\"1.0\" encoding=\"utf-8\"?><access-policy><cross-domain-access><policy><allow-from http-request-headers=\"SOAPAction\"><domain uri=\"*\"/></allow-from><grant-to><resource path=\"/\" include-subpaths=\"true\"/></grant-to></policy></cross-domain-access></access-policy>"}}]}, {"@Demonstrative_Example_ID": "DX-112", "Intro_Text": "This Android application will remove a user account when it receives an intent to do so:", "Example_Code": {"@Nature": "Bad", "@Language": "Java", "xhtml:div": {"xhtml:br": [null, null, null, null], "xhtml:div": {"@style": "margin-left:1em;", "xhtml:br": null, "xhtml:div": {"@style": "margin-left:1em;", "xhtml:br": null, "#text": "int userID = intent.getIntExtra(\"userID\");destroyUserData(userID);"}, "#text": "@Overridepublic void onReceive(Context context, Intent intent) {}"}, "#text": "IntentFilter filter = new IntentFilter(\"com.example.RemoveUser\");MyReceiver receiver = new MyReceiver();registerReceiver(receiver, filter);\n                     public class DeleteReceiver extends BroadcastReceiver {}"}}, "Body_Text": "This application does not check the origin of the intent, thus allowing any malicious application to remove a user. Always check the origin of an intent, or create an allowlist of trusted applications using the manifest.xml file."}]}, "Observed_Examples": {"Observed_Example": [{"Reference": "CVE-2022-30319", "Description": "S-bus functionality in a home automation product performs access control using an IP allowlist, which can be bypassed by a forged IP address.", "Link": "https://www.cve.org/CVERecord?id=CVE-2022-30319"}, {"Reference": "CVE-2022-22547", "Description": "A troubleshooting tool exposes a web server on a random port between 9000-65535 that could be used for information gathering", "Link": "https://www.cve.org/CVERecord?id=CVE-2022-22547"}, {"Reference": "CVE-2022-4390", "Description": "A WAN interface on a router has firewall restrictions enabled for IPv4, but it does not for IPv6, which is enabled by default", "Link": "https://www.cve.org/CVERecord?id=CVE-2022-4390"}, {"Reference": "CVE-2012-2292", "Description": "Product has a Silverlight cross-domain policy that does not restrict access to another application, which allows remote attackers to bypass the Same Origin Policy.", "Link": "https://www.cve.org/CVERecord?id=CVE-2012-2292"}, {"Reference": "CVE-2012-5810", "Description": "Mobile banking application does not verify hostname, leading to financial loss.", "Link": "https://www.cve.org/CVERecord?id=CVE-2012-5810"}, {"Reference": "CVE-2014-1266", "Description": "Chain: incorrect \"goto\" in Apple SSL product bypasses certificate validation, allowing Adversary-in-the-Middle (AITM) attack (Apple \"goto fail\" bug). CWE-705 (Incorrect Control Flow Scoping) -> CWE-561 (Dead Code) -> CWE-295 (Improper Certificate Validation) -> CWE-393 (Return of Wrong Status Code) -> CWE-300 (Channel Accessible by Non-Endpoint). The code's whitespace indentation did not reflect the actual control flow (CWE-1114) and did not explicitly delimit the block (CWE-483), which could have made it more difficult for human code auditors to detect the vulnerability.", "Link": "https://www.cve.org/CVERecord?id=CVE-2014-1266"}, {"Reference": "CVE-2000-1218", "Description": "DNS server can accept DNS updates from hosts that it did not query, leading to cache poisoning", "Link": "https://www.cve.org/CVERecord?id=CVE-2000-1218"}]}, "Related_Attack_Patterns": {"Related_Attack_Pattern": [{"@CAPEC_ID": "161"}, {"@CAPEC_ID": "481"}, {"@CAPEC_ID": "501"}, {"@CAPEC_ID": "697"}]}, "Mapping_Notes": {"Usage": "Allowed-with-Review", "Rationale": "This CWE entry is a Class and might have Base-level children that would be more appropriate", "Comments": "Examine children of this entry to see if there is a better fit", "Reasons": {"Reason": {"@Type": "Abstraction"}}}, "Content_History": {"Submission": {"Submission_Name": "CWE Content Team", "Submission_Organization": "MITRE", "Submission_Date": "2013-06-23", "Submission_Version": "2.5", "Submission_ReleaseDate": "2013-07-17"}, "Modification": [{"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2014-02-18", "Modification_Version": "2.6", "Modification_ReleaseDate": "2014-02-19", "Modification_Comment": "updated Description, Name, Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2017-11-08", "Modification_Version": "3.0", "Modification_ReleaseDate": "2017-11-08", "Modification_Comment": "updated Modes_of_Introduction, Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2019-01-03", "Modification_Version": "3.2", "Modification_ReleaseDate": "2019-01-03", "Modification_Comment": "updated Related_Attack_Patterns"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2020-02-24", "Modification_Version": "4.0", "Modification_ReleaseDate": "2020-02-24", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2021-03-15", "Modification_Version": "4.4", "Modification_ReleaseDate": "2021-03-15", "Modification_Comment": "updated Maintenance_Notes"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2022-10-13", "Modification_Version": "4.9", "Modification_ReleaseDate": "2022-10-13", "Modification_Comment": "updated Related_Attack_Patterns, Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-01-31", "Modification_Version": "4.10", "Modification_ReleaseDate": "2023-01-31", "Modification_Comment": "updated Description, Related_Attack_Patterns, Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-04-27", "Modification_Version": "4.11", "Modification_ReleaseDate": "2023-04-27", "Modification_Comment": "updated Detection_Factors, Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-06-29", "Modification_Version": "4.12", "Modification_ReleaseDate": "2023-06-29", "Modification_Comment": "updated Mapping_Notes"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-10-26", "Modification_Version": "4.13", "Modification_ReleaseDate": "2023-10-26", "Modification_Comment": "updated Observed_Examples"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2024-02-29", "Modification_Version": "4.14", "Modification_ReleaseDate": "2024-02-29", "Modification_Comment": "updated Demonstrative_Examples"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2025-12-11", "Modification_Version": "4.19", "Modification_ReleaseDate": "2025-12-11", "Modification_Comment": "updated Applicable_Platforms, Observed_Examples, Weakness_Ordinalities"}], "Previous_Entry_Name": {"@Date": "2014-02-18", "#text": "Improper Authentication of Endpoint in a Communication Channel"}}}
