CWE WEAKNESSES / CWE-694
CWE-694
Use of Multiple Resources with Duplicate Identifier
Base
What it is
The product uses multiple resources that can have the same identifier, in a context in which unique identifiers are required.
If the product assumes that each resource has a unique identifier, the product could operate on the wrong resource if attackers can cause multiple resources to be associated with the same identifier.
Impact
| Access Control | Bypass Protection Mechanism |
| Other | Quality Degradation |
Mitigations
- [Architecture and Design] Where possible, use unique identifiers. If non-unique identifiers are detected, then do not operate any resource with a non-unique identifier and report the error appropriately.
Real-world CVE examples
- CVE-2013-4787 — chain: mobile OS verifies cryptographic signature of file in an archive, but then installs a different file with the same name that is also listed in the archiv
Related weaknesses
Test & detect
Browse all common weaknesses, check related exploited CVEs, or map to ATT&CK techniques.
Source: MITRE CWE. View on cwe.mitre.org →