Class · High

CWE-300: Channel Accessible by Non-Endpoint


CWE-300 · Class Level · 1 CVE · 3 Mitigations

Description

The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.

In order to establish secure communication between two parties, it is often important to adequately verify the identity of entities at each end of the communication channel. Inadequate or inconsistent verification may result in insufficient or incorrect identification of either communicating entity. This can have negative consequences such as misplaced trust in the entity at the other end of the channel. An attacker can leverage this by interposing between the communicating entities and masquerading as the original entity. In the absence of sufficient verification of identity, such an attacker can eavesdrop and potentially modify the communication between the original entities.

Potential Impact

Confidentiality, Integrity, Access Control

Read Application Data, Modify Application Data, Gain Privileges or Assume Identity

Demonstrative Examples

In the Java snippet below, data is sent over an unencrypted channel to a remote server.
Bad
import java.io.IOException;
import java.io.PrintWriter;
import java.net.Socket;

Socket sock;
PrintWriter out;
try {
    // Plain TCP socket: no encryption, and no verification of who is actually listening on REMOTE_HOST.
    sock = new Socket(REMOTE_HOST, REMOTE_PORT);
    out = new PrintWriter(sock.getOutputStream(), true);

    // Write data to remote host via socket output stream.
    ...
} catch (IOException e) {
    ...
}
By eavesdropping on the communication channel or posing as the endpoint, an attacker would be able to read all of the transmitted data.

Mitigations & Prevention

Implementation

Always fully authenticate both ends of any communications channel.

Architecture and Design

Adhere to the principle of complete mediation.

Implementation

A certificate binds an identity to a cryptographic key to authenticate a communicating party. Often, the certificate takes the encrypted form of the hash of the identity of the subject, the public key, and information such as time of issue or expiration using the issuer's private key. The certificate can be validated by deciphering the certificate with the issuer's public key. See also X.509 certificate signature chains and the PGP certification structure.
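The following is an added example, not code from the CWE entry, showing the hardened counterpart of the unencrypted Java client above: the server's certificate must chain to a trusted issuer (the X.509 signature-chain check described in this mitigation) and must have been issued for the host the client intended to reach. REMOTE_HOST and REMOTE_PORT are placeholder values assumed here; the page only names them as constants.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class VerifiedClient {
    // Assumed placeholder values; the original snippet does not define them.
    static final String REMOTE_HOST = "example.test";
    static final int REMOTE_PORT = 443;

    public static void main(String[] args) throws IOException {
        // The default factory uses the JVM's trust store, so the server's
        // certificate chain is validated against trusted CA certificates.
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();

        try (SSLSocket sock = (SSLSocket) factory.createSocket(REMOTE_HOST, REMOTE_PORT)) {
            // Chain validation alone does not prove the certificate was issued
            // for REMOTE_HOST. Endpoint identification makes the handshake fail
            // when the certificate's subject does not match the intended host,
            // which is what stops a non-endpoint from presenting some other
            // valid certificate.
            SSLParameters params = sock.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            sock.setSSLParameters(params);

            // Forces the handshake now, so an untrusted chain or host-name
            // mismatch raises SSLHandshakeException before any data is written.
            sock.startHandshake();

            try (PrintWriter out = new PrintWriter(sock.getOutputStream(), true)) {
                // Write data to remote host via the encrypted, authenticated stream.
                out.println("hello");
            }
        }
    }
}
```

This authenticates the server end only; authenticating the client end as well (mutual TLS) requires the server to request a client certificate and the client to be configured with its own key and certificate.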

Detection Methods

  • Automated Dynamic Analysis — Some tools can act as proxy servers that allow the tester to intercept packets or messages, inspect them, and modify them before sending them to the destination in order to see if the modified packets are still accepted by the receiving component.
  • Automated Dynamic Analysis — Dynamic Application Security Testing (DAST) tools can be used to detect network traffic without encryption and/or verification. The affected protocol may be subject to Adversary-in-the-Middle attacks. Some tools act as proxy servers that allow the tester to inspect and modify packets/messages to se
  • Automated Static Analysis (Effectiveness: Moderate) — Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then sea

Real-World CVE Examples

CVE ID: CVE-2014-1266
Description: Chain: incorrect "goto" in Apple SSL product bypasses certificate validation, allowing Adversary-in-the-Middle (AITM) attack (Apple "goto fail" bug). CWE-705 (Incorrect Control Flow Scoping) -> CWE-56

Taxonomy Mappings

  • PLOVER — Man-in-the-middle (MITM)
  • WASC: 32 — Routing Detour
  • The CERT Oracle Secure Coding Standard for Java (2011): SEC06-J — Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar

Frequently Asked Questions

What is CWE-300?

CWE-300 (Channel Accessible by Non-Endpoint) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Class-level weakness. The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.

How can CWE-300 be exploited?

Attackers can exploit CWE-300 (Channel Accessible by Non-Endpoint) to read application data, modify application data, gain privileges or assume identity. This weakness is typically introduced during the Architecture and Design phase of software development.

How do I prevent CWE-300?

Key mitigations include: Always fully authenticate both ends of any communications channel.

What is the severity of CWE-300?

CWE-300 is classified as a Class-level weakness (High abstraction). It has been observed in 1 real-world CVE.