Insufficient Verification of Data Authenticity
Weakness ID: 345 (Weakness Class) | Status: Draft
Description Summary
The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Nature | ID | Name | View(s) this relationship pertains to |
---|---|---|---|
ChildOf | 254 | Security Features | Development Concepts (primary) 699 |
ChildOf | 693 | Protection Mechanism Failure | Research Concepts (primary) 1000 |
ChildOf | 724 | OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management | Weaknesses in OWASP Top Ten (2004) (primary) 711 |
ParentOf | 247 | Reliance on DNS Lookups in a Security Decision | Research Concepts 1000 |
ParentOf | 297 | Improper Validation of Host-specific Certificate Data | Research Concepts (primary) 1000 |
ParentOf | 322 | Key Exchange without Entity Authentication | Research Concepts 1000 |
ParentOf | 346 | Origin Validation Error | Development Concepts (primary) 699, Research Concepts (primary) 1000 |
ParentOf | 347 | Improper Verification of Cryptographic Signature | Development Concepts (primary) 699, Research Concepts (primary) 1000 |
ParentOf | 348 | Use of Less Trusted Source | Development Concepts (primary) 699, Research Concepts (primary) 1000 |
ParentOf | 349 | Acceptance of Extraneous Untrusted Data With Trusted Data | Development Concepts (primary) 699, Research Concepts (primary) 1000 |
ParentOf | 350 | Improperly Trusted Reverse DNS | Development Concepts (primary) 699, Research Concepts (primary) 1000 |
ParentOf | 351 | Insufficient Type Distinction | Development Concepts (primary) 699, Research Concepts (primary) 1000 |
ParentOf | 352 | Cross-Site Request Forgery (CSRF) | Development Concepts (primary) 699, Research Concepts (primary) 1000 |
ParentOf | 353 | Failure to Add Integrity Check Value | Development Concepts (primary) 699, Research Concepts (primary) 1000 |
ParentOf | 354 | Improper Validation of Integrity Check Value | Development Concepts (primary) 699, Research Concepts (primary) 1000 |
ParentOf | 360 | Trust of System Event Data | Development Concepts (primary) 699, Research Concepts (primary) 1000 |
ParentOf | 616 | Incomplete Identification of Uploaded File Variables (PHP) | Research Concepts (primary) 1000 |
ParentOf | 646 | Reliance on File Name or Extension of Externally-Supplied File | Development Concepts (primary) 699, Research Concepts (primary) 1000 |
ParentOf | 649 | Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking | Development Concepts (primary) 699, Research Concepts (primary) 1000 |
CanAlsoBe | 283 | Unverified Ownership | Research Concepts 1000 |
CanAlsoBe | 358 | Improperly Implemented Security Check for Standard | Research Concepts 1000 |
CanAlsoBe | 708 | Incorrect Ownership Assignment | Research Concepts 1000 |

Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
---|---|---|---|
PLOVER | | | Insufficient Verification of Data |
OWASP Top Ten 2004 | A3 | CWE More Specific | Broken Authentication and Session Management |
WASC | 12 | | Content Spoofing |

The specific ways in which the origin is not properly identified should be laid out as separate weaknesses. In some sense, this is more like a category.

Submissions

Submission Date | Submitter | Organization | Source |
---|---|---|---|
 | PLOVER | | Externally Mined |

Modifications

Modification Date | Modifier | Organization | Source | Changes |
---|---|---|---|---|
2008-07-01 | Eric Dalci | Cigital | External | updated Time of Introduction |
2008-09-08 | CWE Content Team | MITRE | Internal | updated Maintenance Notes, Relationships, Relationship Notes, Taxonomy Mappings |
2009-05-27 | CWE Content Team | MITRE | Internal | updated Related Attack Patterns |
2009-07-27 | CWE Content Team | MITRE | Internal | updated Related Attack Patterns |

Previous Entry Names

Change Date | Previous Entry Name |
---|---|
2008-04-11 | Insufficient Verification of Data |