CWE-1007 (Insufficient Visual Distinction of Homoglyphs Presented to User) — Vulnerability Class 2

2 vulnerabilities classified as CWE-1007 (Insufficient Visual Distinction of Homoglyphs Presented to User). AI-generated analysis in Chinese included.

CWE-1007 is a user-interface weakness: the product displays identifiers such as hostnames, file names, e-mail addresses or usernames, but the way it renders them does not let the user tell apart characters that look alike yet have different code points (homoglyphs). Attackers exploit this by building a malicious identifier out of look-alike characters, for instance replacing Latin "a" (U+0061) with Cyrillic "а" (U+0430) in a hostname, so that the victim believes they are dealing with a trusted resource and follows a phishing link, installs malware, or overlooks a rogue account in a log review. Mitigation has two halves. On the input side, restrict the character set an identifier may use (or at least require that one identifier does not mix scripts) and detect confusable characters before accepting a name. On the display side, show non-ASCII hostnames as Punycode, colour-code or flag characters from unexpected scripts, and reject or quarantine messages whose links or addresses mix character sets. Note that font choice alone does not help: a monospaced font still draws Cyrillic "а" and Latin "a" identically, so the distinction has to be made visible by the application, not left to the glyph.

MITRE CWE Description
The product displays information or identifiers to a user, but the display mechanism does not make it easy for the user to distinguish between visually similar or identical glyphs (homoglyphs), which may cause the user to misinterpret a glyph and perform an unintended, insecure action.

Some glyphs, pictures, or icons can be semantically distinct to a program, while appearing very similar or identical to a human user. These are referred to as homoglyphs. For example, the lowercase "l" (ell) and uppercase "I" (eye) have different character codes, but these characters can be displayed in exactly the same way to a user, depending on the font. This can also occur between different character sets. For example, the Latin capital letter "A" and the Greek capital letter "Α" (Alpha) are treated as distinct by programs, but may be displayed in exactly the same way to a user. Accent marks may also cause letters to appear very similar, such as the Latin capital letter grave mark "À" and its equivalent "Á" with the acute accent.

Adversaries can exploit this visual similarity for attacks such as phishing, e.g. by providing a link to an attacker-controlled hostname that looks like a hostname that the victim trusts. In a different use of homoglyphs, an adversary may create a back door username that is visually similar to the username of a regular user, which then makes it more difficult for a system administrator to detect the malicious username while reviewing logs.
Common Consequences (1)
Scope: Integrity, Confidentiality
Impact: Other
Note: An attacker may ultimately redirect a user to a malicious website, by deceiving the user into believing the URL they are accessing is a trusted domain. However, the attack can also be used to forge log entries by using homoglyphs in usernames. Homoglyph manipulations are often the first step towards…
Mitigations (2)
Phase: Implementation
Use a browser that displays Punycode for IDNs in the URL and status bars, or which color code various scripts in URLs. Due to the prominence of homoglyph attacks, several browsers now help safeguard against this attack via the use of Punycode. For example, Mozilla Firefox and Google Chrome will display IDNs as Punycode if top-level domains do not restrict which characters can be used in domain nam…

Phase: Implementation
Use an email client that has strict filters and prevents messages that mix character sets to end up in a user's inbox. Certain email clients such as Google's GMail prevent the use of non-Latin characters in email addresses or in links contained within emails. This helps prevent homoglyph attacks by flagging these emails and redirecting them to a user's spam folder.
Examples (2)

Example 1. The following looks like a simple, trusted URL that a user may frequently access, but several of its letters are not Latin.
Attack:
http://www.еxаmрlе.соm

Example 2. The following displays an example of how creating usernames containing homoglyphs can lead to log forgery. The username in the first, second and fourth entries is rendered identically to the genuine "admin" of the third entry, but is spelled with different code points, so an administrator reading the log cannot tell the two accounts apart.
Result:
123.123.123.123 аdmіn [17/Jul/2017:09:05:49 -0400] "GET /example/users/userlist HTTP/1.1" 401 12846
123.123.123.123 аdmіn [17/Jul/2017:09:06:51 -0400] "GET /example/users/userlist HTTP/1.1" 200 4523
123.123.123.123 admin [17/Jul/2017:09:10:02 -0400] "GET /example/users/editusers HTTP/1.1" 200 6291
123.123.123.123 аdmіn [17/Jul/2017:09:10:02 -0400] "GET /example/users/editusers HTTP/1.1" 200 6291
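The two mitigations listed above (show IDNs as Punycode, flag identifiers that mix character sets) and the two examples (a spoofed hostname, a spoofed username in an access log) can be demonstrated with a few lines of Python. The block below is an added example, not code from the page or from MITRE: it derives each character's script from its Unicode name (Python's unicodedata has no Script property, so this is a heuristic that covers the scripts used in homoglyph attacks), renders hostnames through the standard library's idna codec the way a Punycode-displaying browser would, and audits constructed access-log lines for usernames that are non-ASCII or mix scripts. The hostname, the usernames and the log lines are constructed sample data that imitate the page's examples using explicit Cyrillic code points; the function names are the author's own.

```python
"""Homoglyph checks for hostnames and log usernames (added example, not the page's code)."""
import re
import unicodedata

# unicodedata exposes no Script property, so derive the script from the
# character-name prefix ("CYRILLIC SMALL LETTER A" -> "CYRILLIC"). Digits,
# punctuation and anything unrecognised map to "COMMON" and are ignored when
# deciding whether an identifier mixes scripts. Heuristic, not a full UTS #39.
SCRIPT_PREFIXES = ("LATIN", "CYRILLIC", "GREEK", "ARMENIAN", "HEBREW", "ARABIC")


def script_of(ch):
    name = unicodedata.name(ch, "")
    for script in SCRIPT_PREFIXES:
        if name.startswith(script + " "):
            return script
    return "COMMON"


def scripts_in(text):
    """Set of letter scripts used in text, excluding COMMON."""
    return {script_of(c) for c in text} - {"COMMON"}


def is_mixed_script(text):
    return len(scripts_in(text)) > 1


def to_punycode(hostname):
    """Render a hostname as a Punycode-displaying browser would (RFC 3490
    ToASCII via the built-in idna codec); pure-ASCII labels are unchanged."""
    return hostname.encode("idna").decode("ascii")


def check_hostname(hostname):
    """Per-label verdict: a label is suspicious if it mixes scripts, or if it
    NFKC-normalises to something else (compatibility look-alikes such as
    fullwidth letters). Note that NFKC does NOT fold Cyrillic into Latin, which
    is why the script check is needed as well."""
    suspicious = [
        label for label in hostname.split(".")
        if is_mixed_script(label) or unicodedata.normalize("NFKC", label) != label
    ]
    return {"display": hostname, "punycode": to_punycode(hostname),
            "suspicious_labels": suspicious}


# Access-log line in the shape of the page's second example:
# <client> <user> [<time>] "<request>" <status> <bytes>
LOG_RE = re.compile(
    r'^(?P<client>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+|-)$'
)


def audit_log(lines):
    """One record per parsable line. 'flag' is set when the username is
    non-ASCII or mixes scripts; 'escaped' shows the code points that the
    rendered glyphs hide from an administrator."""
    records = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line: skip rather than guess (hypothetical policy)
        user = m.group("user")
        records.append({
            "user": user,
            "escaped": user.encode("ascii", "backslashreplace").decode("ascii"),
            "scripts": sorted(scripts_in(user)),
            "flag": (not user.isascii()) or is_mixed_script(user),
            "request": m.group("request"),
            "status": int(m.group("status")),
        })
    return records


# Constructed sample data (not taken from the page): Cyrillic а (U+0430),
# е (U+0435), і (U+0456), р (U+0440), с (U+0441) and о (U+043E) stand in for
# their Latin look-alikes.
SPOOFED_HOST = "www.\u0435x\u0430m\u0440l\u0435.\u0441\u043em"
SAMPLE_LOG = [
    '123.123.123.123 \u0430dm\u0456n [17/Jul/2017:09:05:49 -0400] '
    '"GET /example/users/userlist HTTP/1.1" 401 12846',
    '123.123.123.123 admin [17/Jul/2017:09:10:02 -0400] '
    '"GET /example/users/editusers HTTP/1.1" 200 6291',
    '123.123.123.123 \u0430dm\u0456n [17/Jul/2017:09:10:02 -0400] '
    '"GET /example/users/editusers HTTP/1.1" 200 6291',
]

if __name__ == "__main__":
    print(check_hostname("www.example.com"))
    print(check_hostname(SPOOFED_HOST))
    for rec in audit_log(SAMPLE_LOG):
        print(rec)
```

Running the block prints the spoofed host as www.xn--….xn--…, which is the form a Punycode-displaying browser would show, and marks the first and third log records as flagged while the genuine "admin" passes. The same scripts_in check is what a registration endpoint would apply before accepting a username, so that a look-alike account cannot be created in the first place.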
CVE ID         | Title                                                                                   | CVSS              | Severity             | Published
CVE-2025-27611 | base-x homograph attack allows Unicode lookalike characters to bypass validation (base-x) | 4.3 (AI estimate) | Medium (AI estimate) | 2025-04-30
CVE-2025-0996  | Google Chrome security vulnerability (Chrome)                                            | 6.5               | -                    | 2025-02-15

Vulnerabilities classified as CWE-1007 (Insufficient Visual Distinction of Homoglyphs Presented to User) represent 2 CVEs. The CWE taxonomy describes the weakness; review the individual CVEs for product-specific impact.