CWE-694

BaseIncomplete

View on MITRE

Use of Multiple Resources with Duplicate Identifier

The product uses multiple resources that can have the same identifier, in a context in which unique identifiers are required.

8 linked vulnerabilities

2 related weaknesses

Extended Description

If the product assumes that each resource has a unique identifier, the product could operate on the wrong resource if attackers can cause multiple resources to be associated with the same identifier.

Architecture and Design

Where possible, use unique identifiers. If non-unique identifiers are detected, then do not operate any resource with a non-unique identifier and report the error appropriately.

Access Control

Bypass Protection Mechanism

If unique identifiers are assumed when protecting sensitive resources, then duplicate identifiers might allow attackers to bypass the protection.

Other

Quality Degradation

Modes of Introduction

Architecture and Design

Implementation

Related Weaknesses

CWE-99ChildOf CWE-573ChildOf

Example CVEs (1)

CVE-2013-4787

chain: mobile OS verifies cryptographic signature of file in an archive, but then installs a different file with the same name that is also listed in the archive.

External Links

MITRE CWE Database

CWE-694: Use of Multiple Resources with Duplicate Identifier | Mondoo Vulnerability Intelligence