CWE-940 (Improper Verification of Source of a Communication Channel) — Vulnerability Class 31

31 vulnerabilities classified as CWE-940 (Improper Verification of Source of a Communication Channel). AI Chinese analysis included.

CWE-940 represents a critical input validation weakness where software fails to authenticate the origin of an incoming communication channel. This flaw typically arises when applications accept connections or requests without verifying that they originate from a trusted, expected source. Attackers exploit this by establishing unauthorized channels from untrusted entities, effectively bypassing access controls to gain elevated privileges or trigger unintended functionality. To mitigate this risk, developers must implement rigorous source verification mechanisms, such as validating IP addresses, enforcing strict authentication protocols, and utilizing secure channel establishment procedures. By ensuring that every incoming connection is authenticated against a whitelist of known, trusted origins, organizations can prevent unauthorized actors from hijacking communication pathways and compromising system integrity.

MITRE CWE Description
The product establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin. When an attacker can successfully establish a communication channel from an untrusted origin, the attacker may be able to gain privileges and access unexpected functionality.
Common Consequences (1)
Scope: Access Control, Other. Impact: Gain Privileges or Assume Identity, Varies by Context, Bypass Protection Mechanism.
An attacker can access any functionality that is inadvertently accessible to the source.
Mitigations (1)
Architecture and Design: Use a mechanism that can validate the identity of the source, such as a certificate, and validate the integrity of data to ensure that it cannot be modified in transit using an Adversary-in-the-Middle (AITM) attack. When designing functionality of actions in the URL scheme, consider whether the action should be accessible to all mobile applications, or if an allowlist of applications to interface …
Examples (2)
This Android application will remove a user account when it receives an intent to do so:
    IntentFilter filter = new IntentFilter("com.example.RemoveUser");
    DeleteReceiver receiver = new DeleteReceiver();
    registerReceiver(receiver, filter);

    public class DeleteReceiver extends BroadcastReceiver {
        @Override
        public void onReceive(Context context, Intent intent) {
            // The sender of the intent is never checked before the account is removed.
            int userID = intent.getIntExtra("userID", -1); // -1 when the extra is missing
            destroyUserData(userID);
        }
    }
Bad · Java
These Android and iOS applications intercept URL loading within a WebView and perform special actions if a particular URL scheme is used, thus allowing the Javascript within the WebView to communicate with the application:
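    // Android
    @Override
    public boolean shouldOverrideUrlLoading(WebView view, String url) {
        if (url.substring(0, 14).equalsIgnoreCase("examplescheme:")) {
            if (url.substring(14, 25).equalsIgnoreCase("getUserInfo")) {
                // The page that issued the request is never checked.
                writeDataToView(view, UserData);
                return false;
            } else {
                return true;
            }
        }
        // Not the custom scheme: let the WebView load the URL as usual.
        return false;
    }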
Bad · Java
    // iOS
    -(BOOL) webView:(UIWebView *)exWebView shouldStartLoadWithRequest:(NSURLRequest *)exRequest navigationType:(UIWebViewNavigationType)exNavigationType
    {
        NSURL *URL = [exRequest URL];
        if ([[URL scheme] isEqualToString:@"exampleScheme"])
        {
            NSString *functionString = [URL resourceSpecifier];
            if ([functionString hasPrefix:@"specialFunction"])
            {
                // Make data available back in webview.
                UIWebView *webView = [self writeDataToView:[URL query]];
            }
            return NO;
        }
        return YES;
    }
Bad · Objective-C
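A hardened counterpart to the Android WebView handler above, as an added example that is not MITRE's or this site's code: a plain-Java gate that checks the page issuing the `examplescheme:` request against an origin allowlist before any action runs. The class name `SchemeBridgeGate`, the trusted origin `https://app.example.com`, the action allowlist and the sample URLs are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

// Added illustration: allow a bridge request only when a trusted page issued it.
public class SchemeBridgeGate {
    // Assumption: the single origin whose pages may call the bridge (hypothetical value).
    private static final Set<String> TRUSTED_ORIGINS = Set.of("https://app.example.com");
    // Assumption: the bridge actions exposed to that origin, compared in lower case.
    private static final Set<String> ALLOWED_ACTIONS = Set.of("getuserinfo");

    // Canonical "https://host[:port]" of the issuing page, or null when it can never be trusted.
    static String originOf(String pageUrl) {
        if (pageUrl == null) return null;
        try {
            URI u = new URI(pageUrl);
            if (u.getScheme() == null || u.getHost() == null || u.getUserInfo() != null) return null;
            String scheme = u.getScheme().toLowerCase(Locale.ROOT);
            if (!scheme.equals("https")) return null;          // http:, file:, data: are rejected
            String origin = scheme + "://" + u.getHost().toLowerCase(Locale.ROOT);
            return (u.getPort() == -1 || u.getPort() == 443) ? origin : origin + ":" + u.getPort();
        } catch (URISyntaxException e) {
            return null;                                        // unparsable URL: fail closed
        }
    }

    // True only when a trusted page requests an allowlisted examplescheme: action.
    static boolean allow(String pageUrl, String requestUrl) {
        String origin = originOf(pageUrl);
        if (origin == null || !TRUSTED_ORIGINS.contains(origin)) return false;
        final String prefix = "examplescheme:";
        // regionMatches also copes with URLs shorter than the prefix.
        if (requestUrl == null || !requestUrl.regionMatches(true, 0, prefix, 0, prefix.length())) return false;
        String action = requestUrl.substring(prefix.length()).split("[?#/]", 2)[0];
        return ALLOWED_ACTIONS.contains(action.toLowerCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        // Constructed inputs: {page that issued the request, bridge URL}
        String[][] cases = {
            {"https://app.example.com/profile", "examplescheme:getUserInfo"},
            {"https://app.example.com.evil.test/", "examplescheme:getUserInfo"},
            {"https://app.example.com@evil.test/", "examplescheme:getUserInfo"},
            {"http://app.example.com/", "examplescheme:getUserInfo"},
            {"https://app.example.com/", "examplescheme:deleteUser"},
        };
        for (String[] c : cases)
            System.out.println(allow(c[0], c[1]) + "  page=" + c[0] + "  request=" + c[1]);
    }
}
```

On Android the first argument would be the loaded page's URL, for example from `WebView.getUrl()`, which reports the top-level page rather than a subframe that issued the request.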
| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2021-41038 | Eclipse Theia security vulnerability — @theia/plugin-ext | 6.1 | - | 2021-11-10 |

Vulnerabilities classified as CWE-940 (Improper Verification of Source of a Communication Channel) represent 31 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.