CWE-347 - Improper Verification of Cryptographic Signature
- Abstraction:Base
- Structure:Simple
- Status:Draft
- Release Date:2006-07-19
- Latest Modification Date:2024-11-19
Weakness Name
Improper Verification of Cryptographic Signature
Description
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
Common Consequences
Scope: Access Control, Integrity, Confidentiality
Impact: Gain Privileges or Assume Identity, Modify Application Data, Execute Unauthorized Code or Commands
Notes: An attacker could gain access to sensitive data and possibly execute unauthorized code.