logo

Channel Accessible by Non-Endpoint

Draft Class
Structure: Simple
Description

This vulnerability occurs when a system fails to properly verify who is on the other end of a communication link or to secure the channel itself. This allows an unauthorized third party to access or manipulate the communication as if they were a legitimate participant.

Extended Description

Secure communication requires confidently knowing who you're talking to at both ends of the connection. If a system performs weak, inconsistent, or missing identity checks, it can't be sure if the other party is genuine. Attackers exploit this gap by inserting themselves into the channel, impersonating a trusted endpoint. Once in the middle, they can silently eavesdrop on or alter the data flowing between the two original, unsuspecting parties. For developers, the core issue is misplaced trust. Without robust endpoint verification—like mutual authentication—your application might share sensitive data with an impostor. To prevent this, ensure your implementation validates identities at both ends using strong, cryptographic methods and maintains the channel's integrity to block unauthorized access or tampering.
Common Consequences 1
Scope: ConfidentialityIntegrityAccess Control

Impact: Read Application DataModify Application DataGain Privileges or Assume Identity

An attacker could pose as one of the entities and read or possibly modify the communication.
Detection Methods 3
Automated Dynamic Analysis
Some tools can act as proxy servers that allow the tester to intercept packets or messages, inspect them, and modify them before sending them to the destination in order to see if the modified packets are still accepted by the receiving component.
Automated Dynamic Analysis
Dynamic Application Security Testing (DAST) tools can be used to detect network traffic without encryption and/or verification. The affected protocol may be subject to Adversary-in-the-Middle attacks. Some tools act as proxy servers that allow the tester to inspect and modify packets/messages to see if they are still accepted by the receiving component.
Automated Static AnalysisModerate
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.) The analysis could identify use of protocols that are subject to Adversary-in-the-Middle attacks.
Potential Mitigations 3
Phase: Implementation
Always fully authenticate both ends of any communications channel.
Phase: Architecture and Design
Adhere to the principle of complete mediation.
Phase: Implementation
A certificate binds an identity to a cryptographic key to authenticate a communicating party. Often, the certificate takes the encrypted form of the hash of the identity of the subject, the public key, and information such as time of issue or expiration using the issuer's private key. The certificate can be validated by deciphering the certificate with the issuer's public key. See also X.509 certificate signature chains and the PGP certification structure.
Demonstrative Examples 1
In the Java snippet below, data is sent over an unencrypted channel to a remote server.

Code Example:

Bad
Java
java

// Write data to remote host via socket output stream.* ...}

By eavesdropping on the communication channel or posing as the endpoint, an attacker would be able to read all of the transmitted data.
Observed Examples 1
CVE-2014-1266chain: incorrect "goto" in Apple SSL product bypasses certificate validation, allowing Adversry-in-the-Middle (AITM) attack (Apple "goto fail" bug). Incorrect Control Flow Scoping (Incorrect Control Flow Scoping) -> Dead Code (Dead Code) -> Improper Certificate Validation (Improper Certificate Validation) -> Return of Wrong Status Code (Return of Wrong Status Code) -> Channel Accessible by Non-Endpoint (Channel Accessible by Non-Endpoint).
References 1
Computer Security: Art and Science
M. Bishop
Addison-Wesley
2003
ID: REF-244
Applicable Platforms
Languages:
Not Language-Specific : Undetermined
Modes of Introduction
Architecture and Design
Related Attack Patterns
Alternate Terms

Adversary-in-the-Middle / AITM

Attacker-in-the-Middle / AITM

Man-in-the-Middle / MITM

Person-in-the-Middle / PITM

Monkey-in-the-Middle

Monster-in-the-Middle

Manipulator-in-the-Middle

On-path attack

Interception attack
Related Weaknesses
ChildOf: Improper Restriction of Communication Channel to Intended Endpoints (CWE-923)
Taxonomy Mapping
  • PLOVER
  • WASC
  • The CERT Oracle Secure Coding Standard for Java (2011)
Notes
MaintenanceThe summary identifies multiple distinct possibilities, suggesting that this is a category that must be broken into more specific weaknesses.