
CWE-300 (Channel Accessible by Non-Endpoint (Man-in-the-Middle)) — Vulnerability Class 42

42 vulnerabilities classified as CWE-300 (Channel Accessible by Non-Endpoint (Man-in-the-Middle)). AI Chinese analysis included.

CWE-300 represents a critical authentication weakness where a system fails to adequately verify the identities of both parties in a communication channel or ensure its integrity. This flaw allows unauthorized actors to intercept, manipulate, or inject malicious data into the stream, effectively becoming an unverified endpoint. Attackers typically exploit this by performing man-in-the-middle attacks, session hijacking, or spoofing legitimate connections to steal sensitive information or execute unauthorized commands. To mitigate this risk, developers must implement robust mutual authentication protocols, such as TLS with certificate validation, ensuring both ends are verified before data exchange. Additionally, employing message authentication codes and strict input validation helps maintain channel integrity. By rigorously checking entity identities and securing the transmission path, organizations can prevent unauthorized access and ensure that only legitimate endpoints influence the communication flow.

MITRE CWE Description
The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint. In order to establish secure communication between two parties, it is often important to adequately verify the identity of entities at each end of the communication channel. Inadequate or inconsistent verification may result in insufficient or incorrect identification of either communicating entity. This can have negative consequences such as misplaced trust in the entity at the other end of the channel. An attacker can leverage this by interposing between the communicating entities and masquerading as the original entity. In the absence of sufficient verification of identity, such an attacker can eavesdrop and potentially modify the communication between the original entities.
Common Consequences (1)
Scope: Confidentiality, Integrity, Access Control
Impact: Read Application Data, Modify Application Data, Gain Privileges or Assume Identity
An attacker could pose as one of the entities and read or possibly modify the communication.
Mitigations (3)
Implementation: Always fully authenticate both ends of any communications channel.
Architecture and Design: Adhere to the principle of complete mediation.
Implementation: A certificate binds an identity to a cryptographic key to authenticate a communicating party. Often, the certificate takes the encrypted form of the hash of the identity of the subject, the public key, and information such as time of issue or expiration using the issuer's private key. The certificate can be validated by deciphering the certificate with the issuer's public key. See also X.509 certi…
Examples (1)
In the Java snippet below, data is sent over an unencrypted channel to a remote server.

    Socket sock;
    PrintWriter out;
    try {
        // A plain TCP socket: nothing authenticates REMOTE_HOST and nothing
        // protects the bytes in transit, so an on-path party can read or alter them.
        sock = new Socket(REMOTE_HOST, REMOTE_PORT);
        out = new PrintWriter(sock.getOutputStream(), true);
        // Write data to remote host via socket output stream.
        ...
    }

Bad · Java
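The hardened counterpart of the snippet above, as an added example that is not part of the CWE entry or of any listed product: the plain Socket is replaced by an SSLSocket whose context trusts only a designated CA and presents a client certificate, so both ends are authenticated as the mitigations require. The host name, port, keystore paths and passwords are hypothetical placeholders. The one detail this shows that the mitigation text does not is that a raw Java SSLSocket validates the certificate chain but does not check that the certificate names the host being contacted; that check has to be switched on with setEndpointIdentificationAlgorithm, otherwise any certificate from a trusted CA is accepted for any host.

```java
import javax.net.ssl.*;
import java.io.*;
import java.security.KeyStore;

public class AuthenticatedChannelClient {

    // Hypothetical peer; replace with the real endpoint.
    static final String REMOTE_HOST = "example.internal";
    static final int REMOTE_PORT = 8443;

    // Build an SSLContext that (a) trusts only the CA(s) in the trust store and
    // (b) presents our own certificate from the key store, so the server can
    // authenticate this client too (mutual TLS). Paths and passwords are placeholders.
    static SSLContext buildContext(String trustStorePath, char[] trustPass,
                                   String keyStorePath, char[] keyPass) throws Exception {
        KeyStore trust = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(trustStorePath)) {
            trust.load(in, trustPass);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        KeyStore keys = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(keyStorePath)) {
            keys.load(in, keyPass);
        }
        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, keyPass);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // Open the socket and complete the handshake before any application data is written.
    static SSLSocket connect(SSLContext ctx, String host, int port) throws IOException {
        SSLSocket sock = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        SSLParameters params = sock.getSSLParameters();
        // Chain validation alone does not tie the certificate to this host;
        // enabling endpoint identification makes the handshake fail on a name mismatch.
        params.setEndpointIdentificationAlgorithm("HTTPS");
        params.setProtocols(new String[] {"TLSv1.3", "TLSv1.2"});
        sock.setSSLParameters(params);
        sock.startHandshake(); // throws SSLHandshakeException on any verification failure
        return sock;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = buildContext("truststore.p12", "changeit".toCharArray(),
                                      "client.p12", "changeit".toCharArray());
        try (SSLSocket sock = connect(ctx, REMOTE_HOST, REMOTE_PORT);
             PrintWriter out = new PrintWriter(sock.getOutputStream(), true)) {
            // getPeerPrincipal() throws if the peer was not authenticated, so reaching
            // this line means the server's identity was actually verified.
            System.out.println("authenticated peer: " + sock.getSession().getPeerPrincipal());
            out.println("data sent only after both ends were authenticated");
        }
    }
}
```

Because the handshake is forced with startHandshake() before the PrintWriter is used, a failed verification surfaces as an exception rather than as silently written plaintext; the server side enforces the client half of the mutual authentication with its own trust store and by requiring client certificates.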
| CVE ID | Title — Product | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2018-14636 | Openstack-neutron security vulnerability — openstack-neutron | 6.5 | - | 2018-09-10 |
| CVE-2017-12151 | Samba cryptographic issue vulnerability — samba | 7.4 | - | 2018-07-27 |
| CVE-2017-12150 | Samba security vulnerability — samba | 7.4 | - | 2018-07-26 |
| CVE-2016-10536 | engine.io-client security vulnerability — engine.io-client node module | 5.9 | - | 2018-05-31 |
| CVE-2017-12697 | General Motors and Shanghai OnStar iOS Client security vulnerability — General Motors and Shanghai OnStar (SOS) iOS Client | 5.9 | - | 2018-01-09 |
| CVE-2017-15086 | Red Hat Enterprise Linux Gluster Storage security vulnerability — Gluster Storage for RHEL 6 | 5.9 | - | 2017-11-08 |
| CVE-2017-15085 | Red Hat Enterprise Linux Gluster Storage security vulnerability — Gluster Storage for RHEL 6 | 5.9 | - | 2017-11-08 |
| CVE-2017-12735 | Siemens LOGO!8 BM security vulnerability — LOGO! 8 BM (incl. SIPLUS variants) | 7.4 | - | 2017-08-30 |
| CVE-2017-6870 | Siemens SIMATIC WinCC Sm@rtClient for Android security vulnerability — SIMATIC WinCC Sm@rtClient for Android | 7.4 | - | 2017-08-08 |
| CVE-2017-9941 | Siemens SiPass integrated security vulnerability — SiPass integrated All versions before V2.70 | 7.4 | - | 2017-08-08 |
| CVE-2017-7480 | rkhunter code issue vulnerability — rkhunter | 9.8 | - | 2017-07-21 |
| CVE-2017-6052 | Hyundai Motor America Blue Link security vulnerability — Hyundai Motor America Blue Link | 4.2 | - | 2017-04-26 |

Vulnerabilities classified as CWE-300 (Channel Accessible by Non-Endpoint (Man-in-the-Middle)) represent 42 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.