CWE-349 - Acceptance of Extraneous Untrusted Data With Trusted Data
- Abstraction:Base
- Structure:Simple
- Status:Draft
- Release Date:2006-07-19
- Latest Modification Date:2023-06-29
Weakness Name
Acceptance of Extraneous Untrusted Data With Trusted Data
Description
The product, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.
Common Consequences
Scope: Access Control, Integrity
Impact: Bypass Protection Mechanism, Modify Application Data
Notes: An attacker could package untrusted data with trusted data to bypass protection mechanisms to gain access to and possibly modify sensitive data.