CWE-940 Base Incompleto

Improper Verification of Source of a Communication Channel

This vulnerability occurs when an application accepts incoming communication requests without properly checking where they originate from, allowing potentially malicious sources to establish a…

Definição

What is CWE-940?

This vulnerability occurs when an application accepts incoming communication requests without properly checking where they originate from, allowing potentially malicious sources to establish a connection.
When an application fails to verify the true source of a communication channel—such as a network connection, inter-process communication, or API request—it essentially opens a door without checking who's knocking. Attackers can exploit this by spoofing their origin, making malicious traffic appear legitimate, and tricking the system into accepting unauthorized connections. This lack of verification can lead to severe security breaches, including privilege escalation, data theft, or unauthorized access to internal functionality. Developers should implement strong origin validation—like checking IP addresses, using authentication handshakes, or verifying cryptographic signatures—before establishing any communication channel to ensure only trusted sources can interact with the system.
Impacto no mundo real

Real-world CVEs caused by CWE-940

  • CVE-2000-1218

    DNS server can accept DNS updates from hosts that it did not query, leading to cache poisoning

  • CVE-2005-0877

    DNS server can accept DNS updates from hosts that it did not query, leading to cache poisoning

  • CVE-2001-1452

    DNS server caches glue records received from non-delegated name servers

Como os atacantes a exploram

Trajeto do atacante passo a passo

  1. 1

    This Android application will remove a user account when it receives an intent to do so:

  2. 2

    This application does not check the origin of the intent, thus allowing any malicious application to remove a user. Always check the origin of an intent, or create an allowlist of trusted applications using the manifest.xml file.

  3. 3

    These Android and iOS applications intercept URL loading within a WebView and perform special actions if a particular URL scheme is used, thus allowing the Javascript within the WebView to communicate with the application:

  4. 4

    A call into native code can then be initiated by passing parameters within the URL:

  5. 5

    Because the application does not check the source, a malicious website loaded within this WebView has the same access to the API as a trusted site.

Exemplo de código vulnerável

Vulnerable Java

This Android application will remove a user account when it receives an intent to do so:

Vulnerável Java 
IntentFilter filter = new IntentFilter("com.example.RemoveUser");
  MyReceiver receiver = new MyReceiver();
  registerReceiver(receiver, filter);
  public class DeleteReceiver extends BroadcastReceiver {
  	@Override
  	public void onReceive(Context context, Intent intent) {
  		int userID = intent.getIntExtra("userID");
  		destroyUserData(userID);
  	}
  }
Payload do atacante

A call into native code can then be initiated by passing parameters within the URL:

Payload do atacante JavaScript 
window.location = examplescheme://method?parameter=value
Exemplo de código seguro

Secure pseudo

Seguro pseudo 
// Validate, sanitize, or use a safe API before reaching the sink.
function handleRequest(input) {
  const safe = validateAndEscape(input);
  return executeWithGuards(safe);
}
What changed: the unsafe sink is replaced (or the input is validated/escaped) so the same payload no longer triggers the weakness.
Lista de verificação de prevenção

How to prevent CWE-940

  • Architecture and Design Use a mechanism that can validate the identity of the source, such as a certificate, and validate the integrity of data to ensure that it cannot be modified in transit using an Adversary-in-the-Middle (AITM) attack. When designing functionality of actions in the URL scheme, consider whether the action should be accessible to all mobile applications, or if an allowlist of applications to interface with is appropriate.
Sinais de deteção

How to detect CWE-940

SAST High

Executar análise estática (SAST) na base de código à procura do padrão inseguro no fluxo de dados.

DAST Moderate

Executar testes dinâmicos de segurança de aplicações (DAST) contra o endpoint em execução.

Runtime Moderate

Monitorizar os registos em tempo de execução para traços de exceção invulgares, input malformado ou tentativas de contornar a autorização.

Code review Moderate

Revisão de código: sinalizar qualquer novo código que trate input desta superfície sem usar os ajudantes validados do framework.

Correção automática do Plexicus

O Plexicus deteta automaticamente o CWE-940 e abre um PR de correção em menos de 60 segundos.

O Codex Remedium analisa cada commit, identifica esta fraqueza exata e entrega um pull request pronto para revisão com o patch. Sem tickets. Sem transferências.

Obter uma demonstração Experimente o Plexicus gratuitamente
Perguntas frequentes

Frequently asked questions

O que é o CWE-940?

This vulnerability occurs when an application accepts incoming communication requests without properly checking where they originate from, allowing potentially malicious sources to establish a connection.

Qual a gravidade do CWE-940?

A MITRE não publicou uma classificação de probabilidade de exploração para esta fraqueza. Trate-a como impacto médio até o seu modelo de ameaças provar o contrário.

Que linguagens ou plataformas são afetadas pelo CWE-940?

MITRE lists the following affected platforms: Mobile.

Como posso prevenir o CWE-940?

Use a mechanism that can validate the identity of the source, such as a certificate, and validate the integrity of data to ensure that it cannot be modified in transit using an Adversary-in-the-Middle (AITM) attack. When designing functionality of actions in the URL scheme, consider whether the action should be accessible to all mobile applications, or if an allowlist of applications to interface with is appropriate.

Como é que o Plexicus deteta e corrige o CWE-940?

O motor SAST do Plexicus correlaciona a assinatura de fluxo de dados do CWE-940 em cada commit. Quando é encontrada uma correspondência, o nosso agente Codex Remedium abre um PR de correção com o código corrigido, testes e um resumo de uma linha para o revisor.

Onde posso saber mais sobre o CWE-940?

A MITRE publica a definição canónica em https://cwe.mitre.org/data/definitions/940.html. Pode também consultar a documentação da OWASP e do NIST para orientações adjacentes.

Fraquezas relacionadas

Weaknesses related to CWE-940

CWE-923 Pai

Improper Restriction of Communication Channel to Intended Endpoints

This vulnerability occurs when a system opens a communication channel for a sensitive task but fails to properly verify that it's actually…

CWE-1275 Irmão

Sensitive Cookie with Improper SameSite Attribute

This vulnerability occurs when a sensitive cookie does not have a secure SameSite attribute configured, leaving it exposed to cross-site…

CWE-291 Irmão

Reliance on IP Address for Authentication

This vulnerability occurs when a system uses a client's IP address as the sole or primary method to verify their identity.

CWE-297 Irmão

Improper Validation of Certificate with Host Mismatch

This vulnerability occurs when an application accepts a valid SSL/TLS certificate without properly verifying that it actually belongs to…

CWE-300 Irmão

Channel Accessible by Non-Endpoint

This vulnerability occurs when a system fails to properly verify who is on the other end of a communication link or to secure the channel…

CWE-419 Irmão

Unprotected Primary Channel

This vulnerability occurs when an application exposes a privileged administrative interface or restricted functionality through a primary…

CWE-420 Irmão

Unprotected Alternate Channel

This vulnerability occurs when an application secures its main communication path but leaves a backup or alternative channel with weaker…

CWE-941 Irmão

Incorrectly Specified Destination in a Communication Channel

This vulnerability occurs when an application establishes an outgoing communication channel but fails to correctly define or enforce the…

CWE-942 Irmão

Permissive Cross-domain Security Policy with Untrusted Domains

This vulnerability occurs when a web application's cross-domain security policy, like a Content Security Policy (CSP), explicitly allows…

Recursos

Further reading

Pronto quando você estiver

Pare de pagar por desenvolvedor.
Comece a fechar o ciclo.

O Plexicus é o ASPM nativo de IA que verifica, filtra, corrige, pentesta e explica — de forma autónoma. Programadores ilimitados, repos ilimitados, ações de IA de utilização justa. Nível gratuito real, €269/mo anual quando estiver pronto.

Começar grátis Reservar uma demo