1. Home
  2. CWE Database
  3. CWE-941
Base · Medium

CWE-941: Incorrectly Specified Destination in a Communication Channel

The product creates a communication channel to initiate an outgoing request to an actor, but it does not correctly specify the intended destination for that actor.

CWE-941 · Base Level ·3 CVEs

Description

The product creates a communication channel to initiate an outgoing request to an actor, but it does not correctly specify the intended destination for that actor.

Attackers at the destination may be able to spoof trusted servers to steal data or cause a denial of service. There are at least two distinct weaknesses that can cause the product to communicate with an unintended destination:

Potential Impact

Access Control, Other

Gain Privileges or Assume Identity, Varies by Context, Bypass Protection Mechanism

Demonstrative Examples

This code listens on a port for DNS requests and sends the result to the requesting address.
Bad
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)sock.bind( (UDP_IP,UDP_PORT) )while true:
                        data = sock.recvfrom(1024)if not data:break
                           (requestIP, nameToResolve) = parseUDPpacket(data)record = resolveName(nameToResolve)sendResponse(requestIP,record)
This code sends a DNS record to a requesting IP address. UDP allows the source IP address to be easily changed ('spoofed'), thus allowing an attacker to redirect responses to a target, which may be then be overwhelmed by the network traffic.

Real-World CVE Examples

CVE IDDescription
CVE-2013-5211composite: NTP feature generates large responses (high amplification factor) with spoofed UDP source addresses.
CVE-1999-0513Classic "Smurf" attack, using spoofed ICMP packets to broadcast addresses.
CVE-1999-1379DNS query with spoofed source address causes more traffic to be returned to spoofed address than was sent by the attacker.

CWE-923: Improper Restriction of Communication Channel to Intended Endpoints

The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it ...

CWE-406: Insufficient Control of Network Message Volume (Network Amplification)

The product does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the ...

Frequently Asked Questions

What is CWE-941?

CWE-941 (Incorrectly Specified Destination in a Communication Channel) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The product creates a communication channel to initiate an outgoing request to an actor, but it does not correctly specify the intended destination for that actor.

How can CWE-941 be exploited?

Attackers can exploit CWE-941 (Incorrectly Specified Destination in a Communication Channel) to gain privileges or assume identity, varies by context, bypass protection mechanism. This weakness is typically introduced during the Architecture and Design, Implementation phase of software development.

How do I prevent CWE-941?

Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.

What is the severity of CWE-941?

CWE-941 is classified as a Base-level weakness (Medium abstraction). It has been observed in 3 real-world CVEs.