CWE-1293: Missing Source Correlation of Multiple Independent Data

The product relies on one source of data, preventing the ability to detect if an adversary has compromised a data source.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Base

Abstraction

MITRE classification

Overview

To operate successfully, a product sometimes has to implicitly trust the integrity of an information source. When information is implicitly signed, one can ensure that the data was not tampered in transit. This does not ensure that the information source was not compromised when responding to a request. By requesting information from multiple sources, one can check if all of the data is the same. If they are not, the system should report the information sources that respond with a different or minority value as potentially compromised. If there are not enough answers to provide a majority or plurality of responses, the system should report all of the sources as potentially compromised. As the seriousness of the impact of incorrect integrity increases, so should the number of independent information sources that would need to be queried.

CWE-1293: Missing Source Correlation of Multiple Independent Data

Overview

Common consequences

How it happens

When it is introduced

How to prevent it

Frequently asked questions

What is CWE-1293?

How do you prevent CWE-1293?

What are the consequences of CWE-1293?

References

Stay ahead of CWE-1293

Overview

Common consequences

How it happens

When it is introduced

How to prevent it

Related weaknesses

Parent

Peer

Frequently asked questions

What is CWE-1293?

How do you prevent CWE-1293?

What are the consequences of CWE-1293?

References

Stay ahead of CWE-1293