CWE-941β€”Incorrectly Specified Destination in a Communication Channel

PUBLISHEDweakness record
released 2014-02-19 Β· last modified 2025-12-11

Metadata

CWE ID:
CWE-941
Abstraction:
Base
Structure:
Simple
Status:
Incomplete
Release Date:
2014-02-19
Latest Modification Date:
2025-12-11

Weakness Name

Incorrectly Specified Destination in a Communication Channel

Description

The product creates a communication channel to initiate an outgoing request to an actor, but it does not correctly specify the intended destination for that actor.

Attackers at the destination may be able to spoof trusted servers to steal data or cause a denial of service. There are at least two distinct weaknesses that can cause the product to communicate with an unintended destination:

Common Consequences

Scope:
Access Control, Other
Impact:
Gain Privileges or Assume Identity, Varies by Context, Bypass Protection Mechanism
Notes:
An attacker can access any functionality that is inadvertently accessible to the source.

Related Weaknesses