CWE-360 信任系统事件数据

Trust of System Event Data

结构: Simple

Abstraction: Base

状态: Incomplete

被利用可能性: High

基本描述

Security based on event locations are insecure and can be spoofed.

扩展描述

Events are a messaging system which may provide control data to programs listening for events. Events often do not have any type of authentication framework to allow them to be verified from a trusted source. Any application, in Windows, on a given desktop can send a message to any window on the same desktop. There is no authentication framework for these messages. Therefore, any message can be used to manipulate any process on the desktop if the process does not check the validity and safeness of those messages.

相关缺陷

  • cwe_Nature: ChildOf cwe_CWE_ID: 345 cwe_View_ID: 1000 cwe_Ordinal: Primary

  • cwe_Nature: ChildOf cwe_CWE_ID: 345 cwe_View_ID: 699 cwe_Ordinal: Primary

适用平台

Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}

常见的影响

范围 影响 注释
['Integrity', 'Confidentiality', 'Availability', 'Access Control'] ['Gain Privileges or Assume Identity', 'Execute Unauthorized Code or Commands'] If one trusts the system-event information and executes commands based on it, one could potentially take actions based on a spoofed identity.

可能的缓解方案

Architecture and Design

策略:

Never trust or rely any of the information in an Event for security.

示例代码

This example code prints out secret information when an authorized user activates a button:

bad Java

public void actionPerformed(ActionEvent e) {
if (e.getSource() == button) {
System.out.println("print out secret information");
}
}

This code does not attempt to prevent unauthorized users from activating the button. Even if the button is rendered non-functional to unauthorized users in the application UI, an attacker can easily send a false button press event to the application window and expose the secret information.

分类映射

映射的分类名 ImNode ID Fit Mapped Node Name
CLASP Trust of system event data
Software Fault Patterns SFP29 Faulty endpoint authentication