Live Active security incident? Get immediate response
CWE Reference

CWE-940: Improper Verification of Source of a Communication Channel

Official CWE-940 CWE context with Glexia analysis, remediation guidance, related CVEs, and ATT&CK context.

Release 4.20weaknessIncomplete
Search CWE CWE Dictionary

Glexia's Take

CWE-940: Improper Verification of Source of a Communication Channel

Improper Verification of Source of a Communication Channel represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.

Executive Impact

  • Access Control,Other: Gain Privileges or Assume Identity,Varies by Context,Bypass Protection Mechanism: An attacker can access any functionality that is inadvertently accessible to the source.

Developer Pattern

CWE-940 is the kind of defect developers can usually prevent with explicit validation, safer framework defaults, and tests that exercise hostile input or unsafe state transitions.

Confidence

high confidence from CWE-940, 4.20.

Official CWE Definition

CWE-940: Improper Verification of Source of a Communication Channel

The product establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin.

When an attacker can successfully establish a communication channel from an untrusted origin, the attacker may be able to gain privileges and access unexpected functionality.

Type
weakness
Abstraction
Base
Status
Incomplete
Source
MITRE CWE definition

Developer And Remediation Guidance

How teams prevent and detect this weakness

Causes

  • This Android application will remove a user account when it receives an intent to do so: This application does not check the origin of the intent, thus allowing any malicious application to remove a user. Always check the origin of an intent, or create an allowlist of trusted applications using the manifest.xml file.
  • These Android and iOS applications intercept URL loading within a WebView and perform special actions if a particular URL scheme is used, thus allowing the Javascript within the WebView to communicate with the application: A call into native code can then be initiated by passing parameters within the URL:,Because the application does not check the source, a malicious website loaded within this WebView has the same access to the API as a trusted site.

Remediation

  • Architecture and Design: [object Object]

Detection

  • Code review
  • SAST
  • DAST
  • Focused regression tests

Mappings

Related CVEs, CWEs, and ATT&CK context

Related CWEs

Related CVEs

Related CVE mappings appear after CVE records are cross-indexed.

Open CWE CVE mapping

ATT&CK Relevance

ATT&CK relevance is shown only when reviewed or responsibly inferred.