CWE-360

Trust of System Event Data

AI Translation Available

Security based on event locations are insecure and can be spoofed.

Status

incomplete

Abstraction

base

Likelihood

high

Affected Platforms

Extended Description

AI Translation

Events are a messaging system which may provide control data to programs listening for events. Events often do not have any type of authentication framework to allow them to be verified from a trusted source. Any application, in Windows, on a given desktop can send a message to any window on the same desktop. There is no authentication framework for these messages. Therefore, any message can be used to manipulate any process on the desktop if the process does not check the validity and safeness of those messages.

Technical Details

AI Translation

Common Consequences

integrity confidentiality availability access control

Impacts

gain privileges or assume identity execute unauthorized code or commands

Potential Mitigations

Phases:

architecture and design

Descriptions:

• Never trust or rely any of the information in an Event for security.

AI Generated Translation

Common Consequences

integrità riservatezza disponibilità controllo degli accessi

Impacts

ottenere privilegi o assumere identità eseguire codice o comandi non autorizzati

Potential Mitigations

Phases:

architettura e design

Descriptions:

• Mai fidarsi o fare affidamento su alcuna delle informazioni contenute in un Evento per motivi di sicurezza.

CWE-360

Common Consequences

Impacts

Potential Mitigations

Common Consequences

Impacts

Potential Mitigations

Iscriviti alla newsletter