CWE-694: Use of Multiple Resources with Duplicate Identifier

BaseIncomplete

The product uses multiple resources that can have the same identifier, in a context in which unique identifiers are required.

View on MITRE
Back to CWE Lookup

Extended Description

If the product assumes that each resource has a unique identifier, the product could operate on the wrong resource if attackers can cause multiple resources to be associated with the same identifier.

Technical Details

Structure
Simple

Applicable To

Languages
Not Language-Specific
Platforms

Frequently Asked Questions

What is CWE-694: Use of Multiple Resources with Duplicate Identifier?+

CWE-694: Use of Multiple Resources with Duplicate Identifier is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product uses multiple resources that can have the same identifier, in a context in which unique identifiers are required. If the product assumes that each resource has a unique identifier, the product could operate on the wrong resource if attackers can cause multiple resources to be associated with the same identifier.

What are the security consequences of Use of Multiple Resources with Duplicate Identifier?+

If exploited, CWE-694 (Use of Multiple Resources with Duplicate Identifier) it can compromise Access Control and Other, leading to outcomes such as Bypass Protection Mechanism and Quality Degradation.

How do you prevent or mitigate Use of Multiple Resources with Duplicate Identifier?+

Recommended mitigations for CWE-694 include: Where possible, use unique identifiers. If non-unique identifiers are detected, then do not operate any resource with a non-unique identifier and report the error appropriately.

Which programming languages are affected by Use of Multiple Resources with Duplicate Identifier?+

CWE-694 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.

What are real-world examples of Use of Multiple Resources with Duplicate Identifier?+

MITRE documents real CVEs mapped to CWE-694, including CVE-2013-4787. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.

What is the difference between a CWE and a CVE?+

A CWE (Common Weakness Enumeration) like CWE-694 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.

Learn More