Early Access — Mondoo Vulnerability Intelligence is currently in preview.

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

Vulnerability Intelligence

CWE-694: Use of Multiple Resources with Duplicate Identifier | Mondoo Vulnerability Intelligence

CWE-694

BaseIncomplete

View on MITRE

Use of Multiple Resources with Duplicate Identifier

The product uses multiple resources that can have the same identifier, in a context in which unique identifiers are required.

8 linked vulnerabilities

2 related weaknesses

Extended Description

If the product assumes that each resource has a unique identifier, the product could operate on the wrong resource if attackers can cause multiple resources to be associated with the same identifier.

Architecture and Design

Where possible, use unique identifiers. If non-unique identifiers are detected, then do not operate any resource with a non-unique identifier and report the error appropriately.

Access ControlBypass Protection Mechanism

If unique identifiers are assumed when protecting sensitive resources, then duplicate identifiers might allow attackers to bypass the protection.

OtherQuality Degradation

Modes of Introduction

Architecture and DesignImplementation

Related Weaknesses

CWE-99ChildOf CWE-573ChildOf

Example CVEs (1)

CVE-2013-4787

chain: mobile OS verifies cryptographic signature of file in an archive, but then installs a different file with the same name that is also listed in the archive.

External Links

MITRE CWE Database