Description
The product establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin.
When an attacker can successfully establish a communication channel from an untrusted origin, the attacker may be able to gain privileges and access unexpected functionality.
Potential Impact
Access Control, Other
Gain Privileges or Assume Identity, Varies by Context, Bypass Protection Mechanism
Demonstrative Examples
IntentFilter filter = new IntentFilter("com.example.RemoveUser");MyReceiver receiver = new MyReceiver();registerReceiver(receiver, filter);
public class DeleteReceiver extends BroadcastReceiver {@Overridepublic void onReceive(Context context, Intent intent) {int userID = intent.getIntExtra("userID");destroyUserData(userID);}}// Android
@Overridepublic boolean shouldOverrideUrlLoading(WebView view, String url){
if (url.substring(0,14).equalsIgnoreCase("examplescheme:")){if(url.substring(14,25).equalsIgnoreCase("getUserInfo")){writeDataToView(view, UserData);return false;}else{return true;}}
}// iOS
-(BOOL) webView:(UIWebView *)exWebView shouldStartLoadWithRequest:(NSURLRequest *)exRequest navigationType:(UIWebViewNavigationType)exNavigationType{
NSURL *URL = [exRequest URL];if ([[URL scheme] isEqualToString:@"exampleScheme"]){
NSString *functionString = [URL resourceSpecifier];if ([functionString hasPrefix:@"specialFunction"]){
// Make data available back in webview.
UIWebView *webView = [self writeDataToView:[URL query]];
}return NO;
}return YES;
}window.location = examplescheme://method?parameter=valueMitigations & Prevention
Use a mechanism that can validate the identity of the source, such as a certificate, and validate the integrity of data to ensure that it cannot be modified in transit using an Adversary-in-the-Middle (AITM) attack. When designing functionality of actions in the URL scheme, consider whether the action should be accessible to all mobile applications, or if an allowlist of applications to interface with is appropriate.
Real-World CVE Examples
| CVE ID | Description |
|---|---|
| CVE-2025-3651 | desktop product does not properly verify the source of a communication channel, allowing command execution |
| CVE-2000-1218 | DNS server can accept DNS updates from hosts that it did not query, leading to cache poisoning |
| CVE-2005-0877 | DNS server can accept DNS updates from hosts that it did not query, leading to cache poisoning |
| CVE-2001-1452 | DNS server caches glue records received from non-delegated name servers |
Related Weaknesses
Frequently Asked Questions
What is CWE-940?
CWE-940 (Improper Verification of Source of a Communication Channel) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The product establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin.
How can CWE-940 be exploited?
Attackers can exploit CWE-940 (Improper Verification of Source of a Communication Channel) to gain privileges or assume identity, varies by context, bypass protection mechanism. This weakness is typically introduced during the Architecture and Design, Implementation phase of software development.
How do I prevent CWE-940?
Key mitigations include: Use a mechanism that can validate the identity of the source, such as a certificate, and validate the integrity of data to ensure that it cannot be modified in transit using an Adversary-in-the-Middle
What is the severity of CWE-940?
CWE-940 is classified as a Base-level weakness (Medium abstraction). It has been observed in 4 real-world CVEs.