Insufficient Verification of Data Authenticity

Status: Draft
Abstraction: Class
Structure: Simple
Description

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Common Consequences
Scope: Integrity; Other

Impact: Varies by Context; Unexpected State

Detection Methods
Automated Static Analysis (Effectiveness: High)
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.).
Demonstrative Examples

ID: DX-153

In 2022, the OT:ICEFALL study examined products by 10 different Operational Technology (OT) vendors. The researchers reported 56 vulnerabilities and said that the products were "insecure by design" [REF-1283]. If exploited, these vulnerabilities often allowed adversaries to change how the products operated, ranging from denial of service to changing the code that the products executed. Since these products were often used in industries such as power, electrical, water, and others, there could even be safety implications.
Multiple vendors did not sign firmware images.
Observed Examples
CVE-2022-30260: Distributed Control System (DCS) does not sign firmware images and only relies on insecure checksums for integrity checks
CVE-2022-30267: Distributed Control System (DCS) does not sign firmware images and only relies on insecure checksums for integrity checks
CVE-2022-30272: Remote Terminal Unit (RTU) does not use signatures for firmware images and relies on insecure checksums
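Added example, not part of this CWE entry and not any vendor's code: a Go program contrasting the checksum-only integrity check that the demonstrative example and the three observed examples above describe with verification of a signature under a pinned vendor public key. The image layout (payload, CRC32 trailer, Ed25519 signature), the seed, the payload bytes and all function names are constructed for this example; Ed25519 stands in for whatever signature scheme a vendor would actually use. The altered image exists only to show why a CRC is an integrity check and not an authenticity check: anyone who changes the payload can recompute it, but cannot produce a valid signature without the signing key.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
	"hash/crc32"
)

// Hypothetical image layout used only for this example (not any vendor's format):
//   payload || crc32(payload) as 4 bytes little-endian || Ed25519 signature over payload (64 bytes)
const crcLen = 4

// buildImage assembles a constructed image carrying both a CRC32 trailer and an
// Ed25519 signature made with the vendor's (here: constructed) private key.
func buildImage(payload []byte, priv ed25519.PrivateKey) []byte {
	img := append([]byte{}, payload...)
	var crc [crcLen]byte
	binary.LittleEndian.PutUint32(crc[:], crc32.ChecksumIEEE(payload))
	img = append(img, crc[:]...)
	return append(img, ed25519.Sign(priv, payload)...)
}

// splitImage separates an image into payload, CRC trailer and signature,
// rejecting images too short to contain both trailers.
func splitImage(img []byte) (payload, crc, sig []byte, err error) {
	if len(img) < crcLen+ed25519.SignatureSize {
		return nil, nil, nil, errors.New("image too short")
	}
	sigStart := len(img) - ed25519.SignatureSize
	crcStart := sigStart - crcLen
	return img[:crcStart], img[crcStart:sigStart], img[sigStart:], nil
}

// checksumOnlyAccepts models the weak verifier from the observed examples: it
// recomputes the CRC32 and nothing else. A CRC detects accidental corruption
// but says nothing about who produced the image.
func checksumOnlyAccepts(img []byte) bool {
	payload, crc, _, err := splitImage(img)
	if err != nil {
		return false
	}
	return binary.LittleEndian.Uint32(crc) == crc32.ChecksumIEEE(payload)
}

// signatureAccepts models the mitigation: the image is accepted only if the
// signature over the payload verifies under the vendor public key pinned in
// the device. The CRC may still be checked for corruption, but it is not what
// establishes authenticity.
func signatureAccepts(img []byte, vendorPub ed25519.PublicKey) bool {
	payload, _, sig, err := splitImage(img)
	if err != nil {
		return false
	}
	return ed25519.Verify(vendorPub, payload, sig)
}

// modifiedWithFreshCRC returns a copy of img whose first payload byte differs
// and whose CRC trailer is recomputed to match, while the original signature is
// kept. It simulates an image changed by someone who lacks the signing key.
func modifiedWithFreshCRC(img []byte) []byte {
	payload, _, sig, err := splitImage(img)
	if err != nil {
		return nil
	}
	newPayload := append([]byte{}, payload...)
	newPayload[0] ^= 0xFF
	out := append([]byte{}, newPayload...)
	var crc [crcLen]byte
	binary.LittleEndian.PutUint32(crc[:], crc32.ChecksumIEEE(newPayload))
	out = append(out, crc[:]...)
	return append(out, sig...)
}

func main() {
	// Constructed 32-byte seed standing in for the vendor's signing key.
	priv := ed25519.NewKeyFromSeed([]byte("example-seed-not-a-real-key-0001"))
	pub := priv.Public().(ed25519.PublicKey)

	genuine := buildImage([]byte("constructed firmware payload v1"), priv)
	altered := modifiedWithFreshCRC(genuine)

	fmt.Println("genuine: checksum", checksumOnlyAccepts(genuine), "signature", signatureAccepts(genuine, pub))
	fmt.Println("altered: checksum", checksumOnlyAccepts(altered), "signature", signatureAccepts(altered, pub))
}
```

Run with `go run`: the genuine image passes both checks, the altered image passes only the checksum check. The property a device needs is the second one, a pinned public key and an update path that refuses any image whose signature fails, independent of what the checksum says.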
References
REF-44: Michael Howard, David LeBlanc, and John Viega. 24 Deadly Sins of Software Security. McGraw-Hill, 2010.
REF-1283: Forescout Vedere Labs. OT:ICEFALL: The legacy of "insecure by design" and its implications for certifications and risk management. 2022-06-20.
Applicable Platforms
Languages:
Not Language-Specific: Undetermined
Technologies:
ICS/OT: Undetermined
Modes of Introduction
Architecture and Design
Implementation
Related Weaknesses
Taxonomy Mapping
  • PLOVER
  • OWASP Top Ten 2004
  • WASC
Notes
Relationship: "origin validation" could fall under this.
Maintenance: The specific ways in which the origin is not properly identified should be laid out as separate weaknesses. In some sense, this is more like a category.