1. Home
  2. Weaknesses
  3. CWE-300

CWE-300: Channel Accessible by Non-Endpoint

ID CWE-300
Abstraction Class
Structure Simple
Status Draft
Number of CVEs 42
Detail CAPEC Dashboard Vulnerabilities Web & Social
The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.

In order to establish secure communication between two parties, it is often important to adequately verify the identity of entities at each end of the communication channel. Inadequate or inconsistent verification may result in insufficient or incorrect identification of either communicating entity. This can have negative consequences such as misplaced trust in the entity at the other end of the channel. An attacker can leverage this by interposing between the communicating entities and masquerading as the original entity. In the absence of sufficient verification of identity, such an attacker can eavesdrop and potentially modify the communication between the original entities.

Modes of Introduction

Phase Note
Architecture and Design REALIZATION: This weakness is caused during implementation of an architectural security tactic.

Applicable Platforms

Type Class Name Prevalence
Language Not Language-Specific

Relationships

View Weakness
# ID View Status # ID Name Abstraction Structure Status
CWE-1000 Research Concepts Draft CWE-923 Improper Restriction of Communication Channel to Intended Endpoints Class Simple Incomplete

Common Attack Pattern Enumeration and Classification (CAPEC)

The Common Attack Pattern Enumeration and Classification (CAPECâ„¢) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.

CAPEC at Mitre.org
# ID Name Weaknesses
CAPEC-57 Utilizing REST's Trust in the System Resource to Obtain Sensitive Data CWE-300
CAPEC-94 Adversary in the Middle (AiTM) CWE-300
CAPEC-466 Leveraging Active Adversary in the Middle Attacks to Bypass Same Origin Policy CWE-300
CAPEC-589 DNS Blocking CWE-300
CAPEC-590 IP Address Blocking CWE-300
CAPEC-612 WiFi MAC Address Tracking CWE-300
CAPEC-613 WiFi SSID Tracking CWE-300
CAPEC-615 Evil Twin Wi-Fi Attack CWE-300
CAPEC-662 Adversary in the Browser (AiTB) CWE-300

CVEs Published

Based on CVE published date

CVSS Severity

CVSS Severity - By Year

CVSS Base Score

# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date