Description
The product records security-relevant information according to an alternate name of the affected entity, instead of the canonical name.
Potential Impact
Non-Repudiation, Access Control
Hide Activities, Gain Privileges or Assume Identity
Demonstrative Examples
// Renamed from readFile(): PHP function names are case-insensitive and readfile() is a builtin.
function readOwnedFile($filename) {
    $user = getCurrentUser(); $realFile = $filename;
    // resolve file if it's a symbolic link
    if (is_link($filename)) { $realFile = readlink($filename); }
    if (fileowner($realFile) == $user) { echo file_get_contents($realFile); return; }
    echo 'Access denied';
    // Weakness: the log names the alternate path ($filename), not the resolved target ($realFile)
    writeLog($user . ' attempted to access the file ' . $filename . ' on ' . date('r'));
}
Real-World CVE Examples
| CVE ID | Description |
|---|---|
| CVE-2002-0725 | Attacker performs malicious actions on a hard link to a file, obscuring the real target file. |
Related Weaknesses
Taxonomy Mappings
- PLOVER: Obscured Security-relevant Information by Alternate Name
Frequently Asked Questions
What is CWE-224?
CWE-224 (Obscured Security-relevant Information by Alternate Name) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The product records security-relevant information according to an alternate name of the affected entity, instead of the canonical name.
How can CWE-224 be exploited?
Attackers can exploit CWE-224 (Obscured Security-relevant Information by Alternate Name) to hide activities, gain privileges, or assume identity: an action performed through a symbolic link, hard link, alias, or other alternate name is recorded under that name, so the audit trail does not point at the entity that was actually affected. This weakness is typically introduced during the Implementation and Operation phases of software development.
How do I prevent CWE-224?
Record the canonical name of the affected entity rather than (or in addition to) the name the caller supplied; for files this means the path after resolving symbolic links and, where hard links are possible, the device and inode that identify the underlying object. Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.
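The following Python script is an added example, not code from the CWE entry; it reproduces the logging flaw of the PHP demonstrative example above and shows the fix described in the prevention answer. It builds a constructed layout in a temporary directory (a target file, a symbolic link to it and a hard link to it), logs an access through each alternate name the vulnerable way (caller-supplied name only) and the hardened way (resolved path plus device/inode identity), and checks which records let an investigator tie the event back to the real file. The function names (vulnerable_log_access, canonical_identity, hardened_log_access, same_object, demo) and the file names are assumptions made for this illustration.

```python
"""Constructed demonstration of CWE-224: an audit record that names a
symlink or hard link instead of the canonical identity of the file.

Added example, not the CWE entry's own code; all names and the temporary
directory layout are assumptions made for this illustration."""
import os
import tempfile


def vulnerable_log_access(user: str, requested_path: str) -> str:
    """Mirror of the weakness: the record carries only the path the caller
    supplied, so a link with an innocent name hides the real target."""
    return f"{user} attempted to access the file {requested_path}"


def canonical_identity(requested_path: str) -> dict:
    """Resolve the caller-supplied name to something an investigator can act on.

    realpath() follows symbolic links, but a hard link is simply a second
    directory entry for the same inode and realpath() cannot see through it,
    so the (device, inode) pair is recorded as the canonical identity too."""
    resolved = os.path.realpath(requested_path)
    st = os.stat(resolved)          # follows symlinks; raises if the target is gone
    return {
        "requested": requested_path,
        "resolved": resolved,
        "device": st.st_dev,
        "inode": st.st_ino,
        "nlink": st.st_nlink,       # >1 means other names for this inode exist
    }


def hardened_log_access(user: str, requested_path: str) -> str:
    """Hardened record: alternate name kept for context, canonical identity added."""
    ident = canonical_identity(requested_path)
    return (f"{user} attempted to access the file {ident['requested']} "
            f"(resolved={ident['resolved']} dev={ident['device']} "
            f"ino={ident['inode']} nlink={ident['nlink']})")


def same_object(rec_a: dict, rec_b: dict) -> bool:
    """Two identity records refer to the same file iff device and inode match."""
    return (rec_a["device"], rec_a["inode"]) == (rec_b["device"], rec_b["inode"])


def demo() -> dict:
    """Constructed layout: secret.txt plus a symlink and a hard link to it."""
    with tempfile.TemporaryDirectory() as tmp:
        d = os.path.realpath(tmp)   # canonicalise in case the tmp dir itself is a symlink
        target = os.path.join(d, "secret.txt")
        with open(target, "w") as f:
            f.write("constructed sample data\n")
        link = os.path.join(d, "innocent-link")
        os.symlink(target, link)
        hard = os.path.join(d, "innocent-hard")
        os.link(target, hard)

        vuln_sym = vulnerable_log_access("alice", link)
        vuln_hard = vulnerable_log_access("alice", hard)
        id_target = canonical_identity(target)
        id_sym = canonical_identity(link)
        id_hard = canonical_identity(hard)
        return {
            # the vulnerable record never mentions the real file for either alias
            "vuln_mentions_target_for_symlink": "secret.txt" in vuln_sym,
            "vuln_mentions_target_for_hardlink": "secret.txt" in vuln_hard,
            # realpath() repairs the symlink case but not the hard-link case
            "realpath_resolves_symlink": id_sym["resolved"] == target,
            "realpath_resolves_hardlink": id_hard["resolved"] == target,
            # device/inode identity repairs both
            "inode_matches_symlink": same_object(id_target, id_sym),
            "inode_matches_hardlink": same_object(id_target, id_hard),
            "hardlink_nlink": id_hard["nlink"],
            "hardened_record": hardened_log_access("alice", hard),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The hard-link row is the one to note: a log that only canonicalises the path still attributes the event to the wrong name, which is exactly how the hard-link case in the CVE table obscures its target. Recording device and inode (or an equivalent stable object identifier on non-POSIX systems) is what makes the record attributable.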
What is the severity of CWE-224?
CWE-224 is classified as a Base-level weakness (Medium abstraction). It has been observed in one real-world CVE (CVE-2002-0725, listed above).