Class weakness

Incomplete

CWE-923: Improper Restriction of Communication Channel to Intended Endpoints

The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Class

Abstraction

MITRE classification

Overview

Attackers might be able to spoof the intended endpoint from a different system or process, thus gaining the same level of access as the intended endpoint. While this issue frequently involves authentication between network-based clients and servers, other types of communication channels and endpoints can have this weakness.

CWE-923: Improper Restriction of Communication Channel to Intended Endpoints

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to detect it

Automated Static Analysis

Code examples

Illustrative examples

Attack patterns

Frequently asked questions

What is CWE-923?

What CVEs are caused by CWE-923?

How is CWE-923 detected?

What are the consequences of CWE-923?

Is CWE-923 actively exploited?

References

Stay ahead of CWE-923

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to detect it

Automated Static Analysis

Code examples

Illustrative examples

Related weaknesses

Parent

Child

Related

Attack patterns

Frequently asked questions

What is CWE-923?

What CVEs are caused by CWE-923?

How is CWE-923 detected?

What are the consequences of CWE-923?

Is CWE-923 actively exploited?

References

Stay ahead of CWE-923