Base weakness
Draft
CWE-1293: Missing Source Correlation of Multiple Independent Data
The product relies on one source of data, preventing the ability to detect if an adversary has compromised a data source.
Log in
The product relies on one source of data, preventing the ability to detect if an adversary has compromised a data source.
Last updated
To operate successfully, a product sometimes has to implicitly trust the integrity of an information source. When information is implicitly signed, one can ensure that the data was not tampered in transit. This does not ensure that the information source was not compromised when responding to a request. By requesting information from multiple sources, one can check if all of the data is the same. If they are not, the system should report the information sources that respond with a different or minority value as potentially compromised. If there are not enough answers to provide a majority or plurality of responses, the system should report all of the sources as potentially compromised. As the seriousness of the impact of incorrect integrity increases, so should the number of independent information sources that would need to be queried.
What can happen when CWE-1293 is exploited.
Read Application Data, Modify Application Data, Gain Privileges or Assume Identity
Affects: Confidentiality, Integrity
An attacker that may be able to execute a single Person-in-the-Middle attack can subvert a check of an external oracle (e.g. the ACME protocol check for a file on a website), and thus inject an arbitrary reply to the single perspective request to the external oracle.
Typically introduced during these phases of the software lifecycle.
Practical mitigations for CWE-1293, grouped by where in the lifecycle they apply.
Design system to use a Practical Byzantine fault method, to request information from multiple sources to verify the data and report on potentially compromised information sources.
Failure to use a Practical Byzantine fault method when requesting data. Lack of place to report potentially compromised information sources. Relying on non-independent information sources for integrity checking. Failure to report information sources that respond in the minority to incident response procedures.
Common questions about CWE-1293.
The product relies on one source of data, preventing the ability to detect if an adversary has compromised a data source.
Design system to use a Practical Byzantine fault method, to request information from multiple sources to verify the data and report on potentially compromised information sources.
Exploiting CWE-1293 can lead to: Read Application Data, Modify Application Data, Gain Privileges or Assume Identity.
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Get alerted the moment a new CWE-1293 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.