CWE-642External Control of Critical State Data

PUBLISHEDweakness recordHigh
released 2008-01-30 · last modified 2026-04-30

Metadata

CWE ID:
CWE-642
摘要:
Class
结构:
Simple
状态:
Draft
发布日期:
2008-01-30
更新日期:
2026-04-30

名称

External Control of Critical State Data

描述

The product stores security-critical state information about its users, or the product itself, in a location that is accessible to unauthorized actors.

If an attacker can modify the state information without detection, then it could be used to perform unauthorized actions or access unexpected resources, since the application programmer does not expect that the state can be changed. State information can be stored in various locations such as a cookie, in a hidden web form field, input parameter or argument, an environment variable, a database record, within a settings file, etc. All of these locations have the potential to be modified by an attacker. When this state information is used to control security or determine resource usage, then it may create a vulnerability. For example, an application may perform authentication, then save the state in an "authenticated=true" cookie. An attacker may simply create this cookie in order to bypass the authentication.

常见后果

范围:
Access Control
影响:
Bypass Protection Mechanism, Gain Privileges or Assume Identity
注释:
An attacker could potentially modify the state in malicious ways. If the state is related to the privileges or level of authentication that the user has, then state modification might allow the user to bypass authentication or elevate privileges.
范围:
Confidentiality
影响:
Read Application Data
注释:
The state variables may contain sensitive information that should not be known by the client.
范围:
Availability
影响:
DoS: Crash, Exit, or Restart
注释:
By modifying state variables, the attacker could violate the application's expectations for the contents of the state, leading to a denial of service due to an unexpected error condition.

相关 CWE

相关警报