CWE-1293: Missing Source Correlation of Multiple Independent Data

BaseDraft

The product relies on one source of data, preventing the ability to detect if an adversary has compromised a data source.

View on MITRE
Back to CWE Lookup

Extended Description

To operate successfully, a product sometimes has to implicitly trust the integrity of an information source. When information is implicitly signed, one can ensure that the data was not tampered in transit. This does not ensure that the information source was not compromised when responding to a request. By requesting information from multiple sources, one can check if all of the data is the same. If they are not, the system should report the information sources that respond with a different or minority value as potentially compromised. If there are not enough answers to provide a majority or plurality of responses, the system should report all of the sources as potentially compromised. As the seriousness of the impact of incorrect integrity increases, so should the number of independent information sources that would need to be queried.

Technical Details

Structure
Simple

Applicable To

Languages
Not Language-Specific
Platforms
Not OS-Specific

Frequently Asked Questions

What is CWE-1293: Missing Source Correlation of Multiple Independent Data?+

CWE-1293: Missing Source Correlation of Multiple Independent Data is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product relies on one source of data, preventing the ability to detect if an adversary has compromised a data source. To operate successfully, a product sometimes has to implicitly trust the integrity of an information source. When information is implicitly signed, one can ensure that the data was not tampered in transit. This does not ensure that the information source was not compromised when responding to a request. By requesting information from multiple sources, one can check if all of the data is the same. If they are not, the system should report the information sources that respond with a different or minority value as potentially compromised. If there are not enough answers to provide a majority or plurality of responses, the system should report all of the sources as potentially compromised. As the seriousness of the impact of incorrect integrity increases, so should the number of independent information sources that would need to be queried.

What are the security consequences of Missing Source Correlation of Multiple Independent Data?+

If exploited, CWE-1293 (Missing Source Correlation of Multiple Independent Data) it can compromise Confidentiality and Integrity, leading to outcomes such as Read Application Data, Modify Application Data and Gain Privileges or Assume Identity.

How do you prevent or mitigate Missing Source Correlation of Multiple Independent Data?+

Recommended mitigations for CWE-1293 include: Design system to use a Practical Byzantine fault method, to request information from multiple sources to verify the data and report on potentially compromised information sources. Failure to use a Practical Byzantine fault method when requesting data. Lack of place to report potentially compromised information sources. Relying on non-independent information sources for integrity checking. Failure to report information sources that respond in the minority to incident response procedures.

Which programming languages are affected by Missing Source Correlation of Multiple Independent Data?+

CWE-1293 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.

What is the difference between a CWE and a CVE?+

A CWE (Common Weakness Enumeration) like CWE-1293 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.

Learn More