Base · Medium

CWE-694: Use of Multiple Resources with Duplicate Identifier

The product uses multiple resources that can have the same identifier, in a context in which unique identifiers are required.

CWE-694 · Base Level · 1 CVE · 1 Mitigation

Description

The product uses multiple resources that can have the same identifier, in a context in which unique identifiers are required.

If the product assumes that each resource has a unique identifier, the product could operate on the wrong resource if attackers can cause multiple resources to be associated with the same identifier.

Potential Impact

Access Control

Bypass Protection Mechanism

Other

Quality Degradation

Demonstrative Examples

These two Struts validation forms have the same name.
Bad

<form-validation>
  <formset>
    <form name="ProjectForm"> ... </form>
    <form name="ProjectForm"> ... </form>
  </formset>
</form-validation>

It is not certain which form will be used by Struts. It is critically important that validation logic be maintained and kept in sync with the rest of the product.

Mitigations & Prevention

Architecture and Design

Where possible, use unique identifiers. If non-unique identifiers are detected, then do not operate any resource with a non-unique identifier and report the error appropriately.

Real-World CVE Examples

CVE ID          Description
CVE-2013-4787   chain: mobile OS verifies cryptographic signature of file in an archive, but then installs a different file with the same name that is also listed in the archive.
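The mitigation given above (refuse to operate on any resource whose identifier is not unique, and report the collision) applied to both the Struts validation file from the Demonstrative Example and an archive that carries two entries with the same name, the shape of the CVE-2013-4787 chain. This is an added example, not code from CWE or from the page; the validation XML and the in-memory archive are constructed inputs, and the helper names (find_duplicates, require_unique, load_struts_forms, verify_archive) are assumptions of this example.

```python
"""Duplicate-identifier detection as the CWE-694 mitigation describes:
refuse to operate on any resource whose identifier is not unique and
report which identifiers collided.  Added example; the Struts XML and the
ZIP archive below are constructed inputs, not real project data."""
import io
import warnings
import zipfile
from collections import Counter
import xml.etree.ElementTree as ET


class DuplicateIdentifierError(ValueError):
    """Raised when a set of resources contains non-unique identifiers."""


def find_duplicates(identifiers):
    """Return a sorted list of the identifiers that occur more than once."""
    counts = Counter(identifiers)
    return sorted(name for name, n in counts.items() if n > 1)


def require_unique(identifiers, what="identifier"):
    """Fail closed: reject the whole set if any identifier collides."""
    dups = find_duplicates(identifiers)
    if dups:
        raise DuplicateIdentifierError(f"duplicate {what}(s): {', '.join(dups)}")
    return list(identifiers)


# Constructed Struts validation file mirroring the page's "Bad" example.
STRUTS_VALIDATION_XML = """<form-validation>
  <formset>
    <form name="ProjectForm"> ... </form>
    <form name="ProjectForm"> ... </form>
    <form name="LoginForm"> ... </form>
  </formset>
</form-validation>"""


def struts_form_names(xml_text):
    """Every <form name="..."> in the file, duplicates included."""
    root = ET.fromstring(xml_text)
    return [form.get("name") for form in root.iter("form")]


def load_struts_forms(xml_text):
    """Map form name -> element, but only if every name is unique.
    Building the dict without the check would silently keep one of the
    two ProjectForm definitions, which is exactly the ambiguity the
    weakness describes."""
    root = ET.fromstring(xml_text)
    forms = list(root.iter("form"))
    require_unique([f.get("name") for f in forms], what="form name")
    return {f.get("name"): f for f in forms}


def build_archive_with_duplicate_entry():
    """Constructed archive holding two entries with the same name (the ZIP
    format permits this; the entry name and contents are made up here)."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", UserWarning)  # zipfile warns on duplicate names
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("manifest.txt", b"VERIFIED-CONTENT")
            zf.writestr("manifest.txt", b"OTHER-CONTENT")
    return buf.getvalue()


def archive_entry_names(data):
    """All entry names from the central directory, duplicates included."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.namelist()


def content_by_name_lookup(data, name):
    """What a name-keyed lookup sees: zipfile resolves a repeated name to the
    last entry, so 'the file named X' is not the same file a verifier that
    walked the entries in order may have checked first."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.read(name)


def verify_archive(data):
    """Reject an archive whose entry names are not unique before using any of them."""
    names = archive_entry_names(data)
    require_unique(names, what="archive entry")
    return names


if __name__ == "__main__":
    for label, check in (("struts", lambda: load_struts_forms(STRUTS_VALIDATION_XML)),
                         ("archive", lambda: verify_archive(build_archive_with_duplicate_entry()))):
        try:
            check()
            print(label, "ok")
        except DuplicateIdentifierError as err:
            print(label, "rejected:", err)
```

The check deliberately walks every entry rather than consulting a name-keyed dictionary, because a dictionary collapses the duplicates and hides the very condition being tested for; the same applies to any verifier that looks a resource up by name after checking it by position.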

Frequently Asked Questions

What is CWE-694?

CWE-694 (Use of Multiple Resources with Duplicate Identifier) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The product uses multiple resources that can have the same identifier, in a context in which unique identifiers are required.

How can CWE-694 be exploited?

Attackers can exploit CWE-694 (Use of Multiple Resources with Duplicate Identifier) to bypass a protection mechanism. This weakness is typically introduced during the Architecture and Design and Implementation phases of software development.

How do I prevent CWE-694?

Key mitigations include: Where possible, use unique identifiers. If non-unique identifiers are detected, then do not operate any resource with a non-unique identifier and report the error appropriately.

What is the severity of CWE-694?

CWE-694 is classified as a Base-level weakness (Medium abstraction). It has been observed in 1 real-world CVE.