CWE-941βIncorrectly Specified Destination in a Communication Channel
PUBLISHEDweakness record
released 2014-02-19 Β· last modified 2025-12-11
Metadata
Weakness Name
Incorrectly Specified Destination in a Communication Channel
Description
The product creates a communication channel to initiate an outgoing request to an actor, but it does not correctly specify the intended destination for that actor.
Attackers at the destination may be able to spoof trusted servers to steal data or cause a denial of service. There are at least two distinct weaknesses that can cause the product to communicate with an unintended destination: