CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel

BaseIncomplete

The product establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission.

View on MITRE
Back to CWE Lookup

Extended Description

Attackers might be able to modify the message and spoof the endpoint by interfering with the data as it crosses the network or by redirecting the connection to a system under their control.

Technical Details

Structure
Simple

Applicable To

Languages
Not Language-Specific
Platforms

Frequently Asked Questions

What is CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel?+

CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission. Attackers might be able to modify the message and spoof the endpoint by interfering with the data as it crosses the network or by redirecting the connection to a system under their control.

What are the security consequences of Improper Enforcement of Message Integrity During Transmission in a Communication Channel?+

If exploited, CWE-924 (Improper Enforcement of Message Integrity During Transmission in a Communication Channel) it can compromise Integrity and Confidentiality, leading to outcomes such as Gain Privileges or Assume Identity.

Which programming languages are affected by Improper Enforcement of Message Integrity During Transmission in a Communication Channel?+

CWE-924 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.

What is the difference between a CWE and a CVE?+

A CWE (Common Weakness Enumeration) like CWE-924 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.

Learn More