CWE-940: Improper Verification of Source of a Communication Channel

BaseIncomplete

The product establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin.

View on MITRE
Back to CWE Lookup

Extended Description

When an attacker can successfully establish a communication channel from an untrusted origin, the attacker may be able to gain privileges and access unexpected functionality.

Technical Details

Structure
Simple

Applicable To

Languages
Not Language-Specific
Platforms

Learn More

Find Related CVEs

Search for vulnerabilities that exploit CWE-940

CVE vs CWE: What's the Difference?

Understanding vulnerabilities vs weaknesses

Understanding CVSS Scoring

How vulnerability severity is measured

View Full MITRE Entry

Complete technical details and references

CWE-940: Improper Verification of Source of a Communication Channel | CWE Lookup | Inventive HQ