Description
The product establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission.
Attackers might be able to modify the message and spoof the endpoint by interfering with the data as it crosses the network or by redirecting the connection to a system under their control.
Potential Impact
Integrity, Confidentiality
Gain Privileges or Assume Identity
Related Weaknesses
Frequently Asked Questions
What is CWE-924?
CWE-924 (Improper Enforcement of Message Integrity During Transmission in a Communication Channel) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The product establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission.
How can CWE-924 be exploited?
Attackers can exploit CWE-924 (Improper Enforcement of Message Integrity During Transmission in a Communication Channel) to gain privileges or assume identity. This weakness is typically introduced during the Architecture and Design phase of software development.
How do I prevent CWE-924?
Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.
What is the severity of CWE-924?
CWE-924 is classified as a Base-level weakness (Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.