CWE-322
Overview
- CWE ID: 322
- CWE Name: Key Exchange without Entity Authentication
- CWE Abstraction: Base
- CWE Structure: Simple
- CWE Status: Draft
Description
The software performs a key exchange with an actor without verifying the identity of that actor.
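The following added example (not part of the CWE entry) contrasts a Diffie-Hellman exchange that accepts any peer public value with one that verifies the peer first. It assumes a toy group, a pre-shared key used for an HMAC over each public value, and hypothetical function and role names.

```python
import hashlib
import hmac
import secrets

# Toy group (assumption, illustration only): 2**127 - 1 is prime but far too
# small for real use; deployments use a standardized group or curve.
P = 2**127 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def derive(priv, peer_pub):
    # Session key from the shared Diffie-Hellman value.
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()

def tag(psk, role, pub):
    # MAC that binds a public value to the sender's role under the pre-shared key.
    return hmac.new(psk, role + pub.to_bytes(16, "big"), hashlib.sha256).digest()

def accept_unauthenticated(priv, peer_pub):
    # CWE-322: any public value is accepted, whoever sent it.
    return derive(priv, peer_pub)

def accept_authenticated(priv, peer_pub, peer_tag, psk, peer_role):
    if not 1 < peer_pub < P - 1:
        raise ValueError("public value out of range")
    if not hmac.compare_digest(peer_tag, tag(psk, peer_role, peer_pub)):
        raise ValueError("peer identity not verified")
    return derive(priv, peer_pub)

def demo():
    psk = secrets.token_bytes(32)   # provisioned out of band (assumption)
    c_priv, c_pub = keypair()       # client
    s_priv, s_pub = keypair()       # genuine server
    x_priv, x_pub = keypair()       # other party on the path, does not hold psk
    s_tag = tag(psk, b"server", s_pub)
    # Genuine exchange: tags verify and both sides derive the same key.
    k_c = accept_authenticated(c_priv, s_pub, s_tag, psk, b"server")
    k_s = accept_authenticated(s_priv, c_pub, tag(psk, b"client", c_pub), psk, b"client")
    # Substituted value, no check: the client keys with the wrong party unnoticed.
    hijacked = accept_unauthenticated(c_priv, x_pub) == derive(x_priv, c_pub)
    # Substituted value, with check: the tag no longer matches, exchange aborts.
    try:
        accept_authenticated(c_priv, x_pub, s_tag, psk, b"server")
        rejected = False
    except ValueError:
        rejected = True
    return k_c == k_s, hijacked, rejected
```

`demo()` returns three booleans: the genuine peers agree on a key, the unchecked exchange keys with the substituted value, and the checked exchange rejects it.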
Extended Description
Performing a key exchange will preserve the integrity of the information sent between two entities, but this will not guarantee that the entities are who they claim they are. This may enable an attacker to impersonate an actor by modifying traffic between