CWE-807: Reliance on Untrusted Inputs in a Security Decision

BaseIncompleteExploit Likelihood: High

The product uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.

View on MITRE
Back to CWE Lookup

Extended Description

Developers may assume that inputs such as cookies, environment variables, and hidden form fields cannot be modified. However, an attacker could change these inputs using customized clients or other attacks. This change might not be detected. When security decisions such as authentication and authorization are made based on the values of these inputs, attackers can bypass the security of the software. Without sufficient encryption, integrity checking, or other mechanism, any input that originates from an outsider cannot be trusted.

Technical Details

Structure
Simple

Applicable To

Languages
Not Language-Specific
Platforms

Frequently Asked Questions

What is CWE-807: Reliance on Untrusted Inputs in a Security Decision?+

CWE-807: Reliance on Untrusted Inputs in a Security Decision is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism. Developers may assume that inputs such as cookies, environment variables, and hidden form fields cannot be modified. However, an attacker could change these inputs using customized clients or other attacks. This change might not be detected. When security decisions such as authentication and authorization are made based on the values of these inputs, attackers can bypass the security of the software. Without sufficient encryption, integrity checking, or other mechanism, any input that originates from an outsider cannot be trusted.

What are the security consequences of Reliance on Untrusted Inputs in a Security Decision?+

If exploited, CWE-807 (Reliance on Untrusted Inputs in a Security Decision) it can compromise Confidentiality, Access Control, Availability and Other, leading to outcomes such as Bypass Protection Mechanism, Gain Privileges or Assume Identity and Varies by Context.

How is Reliance on Untrusted Inputs in a Security Decision detected?+

CWE-807 can be detected using Manual Static Analysis - Source Code and Architecture or Design Review. Combining automated tooling with manual review typically yields the best coverage.

Which programming languages are affected by Reliance on Untrusted Inputs in a Security Decision?+

CWE-807 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.

What are real-world examples of Reliance on Untrusted Inputs in a Security Decision?+

MITRE documents real CVEs mapped to CWE-807, including CVE-2009-1549, CVE-2009-1619, CVE-2009-0864, CVE-2008-5784 and CVE-2008-6291. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.

What is the difference between a CWE and a CVE?+

A CWE (Common Weakness Enumeration) like CWE-807 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.

Learn More