CWE-694 (Use of Multiple Resources with Duplicate Identifier) — Vulnerability Class 8

8 vulnerabilities classified as CWE-694 (Use of Multiple Resources with Duplicate Identifier). AI Chinese analysis included.

CWE-694 represents a resource management weakness where a system incorrectly assigns or handles duplicate identifiers for distinct resources in contexts demanding uniqueness. This flaw typically arises when developers fail to enforce strict identity constraints, allowing attackers to manipulate input or exploit race conditions to associate multiple resources with a single identifier. Consequently, the application may operate on the wrong resource, leading to data corruption, unauthorized access, or denial of service as the system misinterprets the intended target.

To prevent this, developers must implement robust validation mechanisms that guarantee identifier uniqueness across all relevant scopes. Utilizing cryptographic hashing, database constraints, or unique key generation algorithms ensures that each resource maintains a distinct identity. Additionally, rigorous input sanitization and thorough testing for collision scenarios are essential to mitigate the risk of identifier reuse and maintain system integrity.

MITRE CWE Description
The product uses multiple resources that can have the same identifier, in a context in which unique identifiers are required. If the product assumes that each resource has a unique identifier, the product could operate on the wrong resource if attackers can cause multiple resources to be associated with the same identifier.
Common Consequences (2)
Access Control: Bypass Protection Mechanism
If unique identifiers are assumed when protecting sensitive resources, then duplicate identifiers might allow attackers to bypass the protection.
Other: Quality Degradation
Mitigations (1)
Architecture and Design: Where possible, use unique identifiers. If non-unique identifiers are detected, then do not operate any resource with a non-unique identifier and report the error appropriately.
Examples (1)
These two Struts validation forms have the same name.
<form-validation>
  <formset>
    <form name="ProjectForm"> ... </form>
    <form name="ProjectForm"> ... </form>
  </formset>
</form-validation>
Bad · XML
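
The mitigation above applied to the Struts example, as an added Python sketch (not code from MITRE or from Struts): it refuses to return any form whose name occurs more than once and reports the duplicate instead of silently picking one. The names load_forms, get_form and DuplicateIdentifierError, the extra LoginForm, the field elements and the per-formset uniqueness scope are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample modelled on the example above, plus one uniquely named form.
SAMPLE = """<form-validation>
  <formset>
    <form name="ProjectForm"><field property="title" depends="required"/></form>
    <form name="ProjectForm"><field property="owner" depends="required"/></form>
    <form name="LoginForm"><field property="user" depends="required"/></form>
  </formset>
</form-validation>"""


class DuplicateIdentifierError(ValueError):
    """Raised when a caller asks for a form whose name is not unique."""


def load_forms(xml_text):
    """Return (usable, duplicates), both keyed by (formset index, form name).

    Assumption: a name must be unique within its <formset>. Names are
    compared exactly, with no case folding or trimming.
    """
    root = ET.fromstring(xml_text)
    usable, duplicates = {}, {}
    for idx, formset in enumerate(root.iter("formset")):
        forms = formset.findall("form")
        counts = Counter(f.get("name") for f in forms)
        for form in forms:
            name = form.get("name")
            if name is None:
                raise ValueError("form without a name in formset %d" % idx)
            if counts[name] > 1:
                duplicates[(idx, name)] = counts[name]  # never usable
            else:
                usable[(idx, name)] = form
    return usable, duplicates


def get_form(xml_text, name, formset=0):
    """Fail closed: never return the first or last of several same-named forms."""
    usable, duplicates = load_forms(xml_text)
    if (formset, name) in duplicates:
        raise DuplicateIdentifierError("form %r defined %d times in formset %d"
                                       % (name, duplicates[(formset, name)], formset))
    return usable[(formset, name)]
```
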

Vulnerabilities classified as CWE-694 (Use of Multiple Resources with Duplicate Identifier) represent 8 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.