Improper Verification of Cryptographic Signature

Status: Draft
Abstraction: Base
Structure: Simple
Description

The product does not verify, or incorrectly verifies, the cryptographic signature for data.
Common Consequences
Scope: Access Control, Integrity, Confidentiality

Impact: Gain Privileges or Assume Identity; Modify Application Data; Execute Unauthorized Code or Commands

An attacker could gain access to sensitive data and possibly execute unauthorized code.

Detection Methods
Automated Static Analysis (Effectiveness: High)
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.).
Demonstrative Examples
In the following code, a JarFile object is created from a downloaded file.

Code Example (Bad, Java):

The JAR file that was potentially downloaded from an untrusted source is created without verifying the signature (if present). An alternate constructor that accepts a boolean verify parameter should be used instead.
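The following is an added example, not code from the CWE entry, showing the hardened handling of a downloaded JAR. It passes the boolean verify parameter explicitly and then does the two things the constructor alone does not: it reads every entry to completion, because JarFile verifies signatures lazily while entry bytes are read (a mismatched digest raises SecurityException at that point), and it rejects any content entry that has no code signers, since an unsigned entry inside an otherwise signed JAR is otherwise accepted silently. The class name, the helper names and the downloaded.jar path are assumptions made for this example.

```java
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.security.CodeSigner;
import java.util.Enumeration;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

// Added example (not the CWE entry's own code): open a downloaded JAR with
// verification requested explicitly, force verification of every entry, and
// reject the archive if any content entry is unsigned.
public class JarSignatureCheck {

    // Returns true only if every non-metadata entry was read, verified and
    // carries at least one code signer. A tampered entry makes the JDK throw
    // SecurityException while its bytes are read.
    static boolean isFullySigned(File downloaded) throws IOException {
        // The second argument is the verify flag described on the page.
        try (JarFile jar = new JarFile(downloaded, true)) {
            byte[] buf = new byte[8192];
            Enumeration<JarEntry> entries = jar.entries();
            while (entries.hasMoreElements()) {
                JarEntry entry = entries.nextElement();
                if (entry.isDirectory() || isSignatureMetadata(entry.getName())) {
                    continue;
                }
                // Verification is lazy: digests are checked as the entry is
                // read, so the stream must be consumed to the end.
                try (InputStream in = jar.getInputStream(entry)) {
                    while (in.read(buf) != -1) {
                        // discard content; only the verification matters here
                    }
                }
                // Signer information is only available after a full read.
                CodeSigner[] signers = entry.getCodeSigners();
                if (signers == null || signers.length == 0) {
                    return false; // unsigned entry in a supposedly signed JAR
                }
            }
            return true;
        }
    }

    // The manifest, signature files and index are signing-related metadata
    // rather than signed content, so they are not expected to carry signers.
    private static boolean isSignatureMetadata(String name) {
        String upper = name.toUpperCase();
        if (!upper.startsWith("META-INF/")) {
            return false;
        }
        return upper.equals("META-INF/MANIFEST.MF")
            || upper.equals("META-INF/INDEX.LIST")
            || upper.endsWith(".SF")
            || upper.endsWith(".RSA")
            || upper.endsWith(".DSA")
            || upper.endsWith(".EC");
    }

    public static void main(String[] args) throws IOException {
        // "downloaded.jar" is a placeholder for the file fetched from the network.
        File f = new File(args.length > 0 ? args[0] : "downloaded.jar");
        if (!isFullySigned(f)) {
            throw new SecurityException("JAR has unsigned or unverifiable entries: " + f);
        }
        System.out.println("All entries verified and signed: " + f);
    }
}
```

Two points a reviewer would check beyond this block: the JDK's one-argument JarFile(File) constructor also defaults verify to true, so requesting verification is not by itself the gap; the gap is relying on construction alone, which never reads entries and therefore never verifies anything. Also, a non-null signer array only proves the archive is internally consistent; the signers' certificate chains still have to be checked against the trust anchors the application expects before the JAR's contents are used.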
Observed Examples
CVE-2002-1796: Does not properly verify signatures for "trusted" entities.
CVE-2005-2181: Insufficient verification allows spoofing.
CVE-2005-2182: Insufficient verification allows spoofing.
CVE-2002-1706: Accepts a configuration file without a Message Integrity Check (MIC) signature.
Applicable Platforms
Languages:
Not Language-Specific (Prevalence: Undetermined)
Modes of Introduction
Architecture and Design
Implementation
Taxonomy Mapping
  • PLOVER
  • The CERT Oracle Secure Coding Standard for Java (2011)
  • ISA/IEC 62443