CWE-941 - Incorrectly Specified Destination in a Communication Channel
- Abstraction:Base
- Structure:Simple
- Status:Incomplete
- Release Date:2014-02-19
- Latest Modification Date:2023-06-29
Weakness Name
Incorrectly Specified Destination in a Communication Channel
Description
The product creates a communication channel to initiate an outgoing request to an actor, but it does not correctly specify the intended destination for that actor.
Attackers at the destination may be able to spoof trusted servers to steal data or cause a denial of service. There are at least two distinct weaknesses that can cause the product to communicate with an unintended destination:
Related Weaknesses
CWE-406Insufficient Control of Network Message Volume (Network Amplification)
CWE-923Improper Restriction of Communication Channel to Intended Endpoints