CWE-1293 details

CWE-1293: Missing Source Correlation of Multiple Independent Data
Status: Draft
Created: 2020-08-20 00:00 +00:00
Last modified: 2023-06-29 00:00 +00:00

Name: Missing Source Correlation of Multiple Independent Data

The product relies on one source of data, preventing the ability to detect if an adversary has compromised a data source.

CWE description

To operate successfully, a product sometimes has to implicitly trust the integrity of an information source. When information is signed, one can ensure that the data was not tampered with in transit. This does not ensure that the information source itself was not compromised when it responded to the request. By requesting the same information from multiple independent sources, one can check whether all of the answers agree. If they do not, the system should report the sources that respond with a different or minority value as potentially compromised. If there are not enough answers to form a majority or plurality, the system should report all of the sources as potentially compromised. As the seriousness of the impact of incorrect integrity increases, so should the number of independent information sources that are queried.

General information

Modes of introduction

Architecture and Design: This flaw could be introduced during the design of the application, or by misconfiguration at run time, by specifying only a single point of validation.
Implementation: Such issues could be introduced during hardware implementation and then identified later during the Testing or System Configuration phases.
Operation: This weakness could be introduced by intentionally failing all but one of the devices used to retrieve the data, or by failing the devices that validate the data.

Applicable platforms

Language

Class: Not Language-Specific (Undetermined)

Operating systems

Class: Not OS-Specific (Undetermined)

Architectures

Class: Not Architecture-Specific (Undetermined)

Technologies

Class: Not Technology-Specific (Undetermined)

Common consequences

Scope: Confidentiality, Integrity
Impact: Read Application Data, Modify Application Data, Gain Privileges or Assume Identity
Likelihood: (not given)

Note: An attacker able to execute a single Person-in-the-Middle attack can subvert a check against an external oracle (e.g. the ACME protocol check for a file on a website) and thus inject an arbitrary reply to the single-perspective request made to that oracle.

Potential mitigations

Phase: Requirements
Design the system to use a Practical Byzantine Fault Tolerance method: request the information from multiple independent sources, verify that the answers agree, and report potentially compromised information sources.

Phase: Implementation
Avoid the following implementation failures: not using a Practical Byzantine fault method when requesting data; having no place to report potentially compromised information sources; relying on non-independent information sources for integrity checking; and failing to report information sources that respond in the minority to incident response procedures.
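The majority check described above, as an added example that is not part of the CWE entry or any MITRE code: several independent vantage points fetch the same validation token, the answers are correlated, and the minority (or, with no majority, every source) is reported. The vantage-point names and token values are constructed for the example.

```python
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class Verdict:
    accepted: object                              # value backed by a strict majority, or None
    suspect: list = field(default_factory=list)   # sources to report as potentially compromised


def correlate(responses, min_sources=3):
    """Compare answers from independent sources and flag the outliers.

    responses:   dict mapping a source name to the (hashable) value it returned.
    min_sources: how many sources must answer before any value is accepted;
                 raise it as the impact of accepting a wrong answer grows.
    """
    if len(responses) < min_sources:
        # Too few independent views to form a majority: report every source.
        return Verdict(None, sorted(responses))
    counts = Counter(responses.values())
    value, support = counts.most_common(1)[0]
    if 2 * support <= len(responses):
        # No strict majority (e.g. a 1-1-1 or 2-2 split): treat all sources as suspect.
        return Verdict(None, sorted(responses))
    # A majority exists: the sources that disagree with it are the minority to report.
    suspect = sorted(src for src, val in responses.items() if val != value)
    return Verdict(value, suspect)


# Constructed sample: three vantage points fetch the same challenge token; the
# answer from one of them differs, which is what a tampered path would look like.
SAMPLE = {
    "vantage-eu": "tok-7f3a",
    "vantage-us": "tok-7f3a",
    "vantage-ap": "tok-deadbeef",   # differs from the majority: report this source
}

if __name__ == "__main__":
    verdict = correlate(SAMPLE)
    print("accepted:", verdict.accepted, "suspect:", verdict.suspect)
```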

Vulnerability mapping notes

Rationale: This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Comments: Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

References

REF-1125: moparisthebest. "Validation Vulnerabilities". https://mailarchive.ietf.org/arch/msg/acme/s6Q5PdJP48LEUwgzrVuw_XPKCsM/

REF-1126: Josh Aas, Daniel McCarney, Roland Shoemaker. "Multi-Perspective Validation Improves Domain Validation Security". https://letsencrypt.org/2020/02/19/multi-perspective-validation.html

REF-1127: Miguel Castro, Barbara Liskov. "Practical Byzantine Fault Tolerance and Proactive Recovery". https://dl.acm.org/doi/pdf/10.1145/571637.571640

Submission

Name: Kurt Seifried
Organization: Cloud Security Alliance
Date: 2020-04-03 +00:00
Publication date: 2020-08-20 +00:00
Version: 4.2

Modifications

Name              Organization  Date               Comment
CWE Content Team  MITRE         2020-12-10 +00:00  updated Description, Relationships
CWE Content Team  MITRE         2023-01-31 +00:00  updated Description
CWE Content Team  MITRE         2023-04-27 +00:00  updated Relationships
CWE Content Team  MITRE         2023-06-29 +00:00  updated Mapping_Notes