CWE-924
AllowedImproper Enforcement of Message Integrity During Transmission in a Communication Channel
Abstraction: Base · Status: Incomplete
The product establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission.
50 vulnerabilities reference this CWE, most recent first.
GHSA-M82C-5HPW-48F7
Vulnerability from github – Published: 2023-07-20 18:33 – Updated: 2024-04-04 06:17A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data.
{
"affected": [],
"aliases": [
"CVE-2023-3347"
],
"database_specific": {
"cwe_ids": [
"CWE-347",
"CWE-924"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-20T15:15:11Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in Samba\u0027s SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured \"server signing = required\" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data.",
"id": "GHSA-m82c-5hpw-48f7",
"modified": "2024-04-04T06:17:50Z",
"published": "2023-07-20T18:33:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3347"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:4325"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:4328"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-3347"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222792"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT74M42E6C36W7PQVY3OS4ZM7DVYB64Z"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230731-0010"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5477"
},
{
"type": "WEB",
"url": "https://www.samba.org/samba/security/CVE-2023-3347.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MPX7-3W53-G6R5
Vulnerability from github – Published: 2024-02-14 18:30 – Updated: 2024-02-14 18:30CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity of controllers when conducting a Man in the Middle attack.
{
"affected": [],
"aliases": [
"CVE-2023-6408"
],
"database_specific": {
"cwe_ids": [
"CWE-924"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-14T17:15:11Z",
"severity": "HIGH"
},
"details": "\nCWE-924: Improper Enforcement of Message Integrity During Transmission in a\nCommunication Channel vulnerability exists that could cause a denial of service and loss of\nconfidentiality, integrity of controllers when conducting a Man in the Middle attack.\n\n",
"id": "GHSA-mpx7-3w53-g6r5",
"modified": "2024-02-14T18:30:25Z",
"published": "2024-02-14T18:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6408"
},
{
"type": "WEB",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-044-01.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P89P-GPRQ-FRV8
Vulnerability from github – Published: 2022-05-13 01:49 – Updated: 2022-05-13 01:49An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.
{
"affected": [],
"aliases": [
"CVE-2018-14526"
],
"database_specific": {
"cwe_ids": [
"CWE-924"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-08-08T19:29:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.",
"id": "GHSA-p89p-gprq-frv8",
"modified": "2022-05-13T01:49:58Z",
"published": "2022-05-13T01:49:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14526"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3107"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-344983.pdf"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00009.html"
},
{
"type": "WEB",
"url": "https://papers.mathyvanhoef.com/woot2018.pdf"
},
{
"type": "WEB",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:11.hostapd.asc"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3745-1"
},
{
"type": "WEB",
"url": "https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt"
},
{
"type": "WEB",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-344-01"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00013.html"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041438"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PX5G-45FF-HQQC
Vulnerability from github – Published: 2024-10-11 18:32 – Updated: 2024-10-16 21:31Incorrect access control in the function handleDataChannelChat(dataMessage) of Mirotalk before commit c21d58 allows attackers to forge chat messages using an arbitrary sender name.
{
"affected": [],
"aliases": [
"CVE-2024-44730"
],
"database_specific": {
"cwe_ids": [
"CWE-924"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-11T16:15:08Z",
"severity": "CRITICAL"
},
"details": "Incorrect access control in the function handleDataChannelChat(dataMessage) of Mirotalk before commit c21d58 allows attackers to forge chat messages using an arbitrary sender name.",
"id": "GHSA-px5g-45ff-hqqc",
"modified": "2024-10-16T21:31:07Z",
"published": "2024-10-11T18:32:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44730"
},
{
"type": "WEB",
"url": "https://aware7.com/de/blog/schwachstellen-in-videokonferenzsystemen"
},
{
"type": "WEB",
"url": "https://github.com/miroslavpejic85"
},
{
"type": "WEB",
"url": "https://github.com/miroslavpejic85/mirotalk"
},
{
"type": "WEB",
"url": "https://github.com/miroslavpejic85/mirotalksfu/blob/main/SECURITY.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QPW4-5X99-6VJP
Vulnerability from github – Published: 2026-06-25 22:15 – Updated: 2026-07-07 15:24An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state and released for garbage collection.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "golang.org/x/crypto"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.52.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-39827"
],
"database_specific": {
"cwe_ids": [
"CWE-924"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-25T22:15:43Z",
"nvd_published_at": "2026-05-22T04:16:21Z",
"severity": "MODERATE"
},
"details": "An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection\u0027s internal state and released for garbage collection.",
"id": "GHSA-qpw4-5x99-6vjp",
"modified": "2026-07-07T15:24:35Z",
"published": "2026-06-25T22:15:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39827"
},
{
"type": "PACKAGE",
"url": "https://cs.opensource.google/go/x/crypto"
},
{
"type": "WEB",
"url": "https://go.dev/cl/781320"
},
{
"type": "WEB",
"url": "https://go.dev/issue/35127"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2026-5016"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "golang.org/x/crypto: Invoking memory leak when rejecting channels can lead to DoS"
}
GHSA-QX7G-8CQG-C43V
Vulnerability from github – Published: 2025-02-14 21:31 – Updated: 2025-02-14 21:31The vulnerability may allow a remote low priviledged attacker to run arbitrary shell commands by manipulating the firmware file and uploading it to the device.
{
"affected": [],
"aliases": [
"CVE-2025-0592"
],
"database_specific": {
"cwe_ids": [
"CWE-924"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-14T21:15:16Z",
"severity": "HIGH"
},
"details": "The vulnerability may allow a remote low priviledged attacker to run arbitrary shell commands by manipulating the firmware file and uploading it to the device.",
"id": "GHSA-qx7g-8cqg-c43v",
"modified": "2025-02-14T21:31:05Z",
"published": "2025-02-14T21:31:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0592"
},
{
"type": "WEB",
"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
},
{
"type": "WEB",
"url": "https://sick.com/psirt"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"type": "WEB",
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"type": "WEB",
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0002.json"
},
{
"type": "WEB",
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0002.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VHMJ-5Q9R-MM9G
Vulnerability from github – Published: 2024-07-17 16:01 – Updated: 2024-07-17 16:01Summary
BlastRADIUS (see blastradius.fail for details) also affects eduMFA prior version 2.2.0, because the Message-Authenticator attributes were not checked.
Details
Website with the vulnerability information blastradius.fail The original vulnerability has been assigned CVE-2024-3596 Case in vince: https://kb.cert.org/vuls/id/456537
PoC
There is no known proof-of-concept except for the attack shown in the paper from the researchers
Impact
An attacker can trigger an authentication flow with a RADIUS-backed token, intercept the RADIUS packet sent by eduMFA and modify the RADIUS server's answer, which would lead eduMFA to believe that the token is valid, even though the RADIUS servers answer was a reject.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "edumfa"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-924"
],
"github_reviewed": true,
"github_reviewed_at": "2024-07-17T16:01:37Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Summary\nBlastRADIUS (see blastradius.fail for details) also affects eduMFA prior version 2.2.0, because the Message-Authenticator attributes were not checked.\n\n### Details\nWebsite with the vulnerability information blastradius.fail\nThe original vulnerability has been assigned CVE-2024-3596\nCase in vince: https://kb.cert.org/vuls/id/456537\n\n### PoC\nThere is no known proof-of-concept except for the attack shown in the paper from the researchers \n\n### Impact\nAn attacker can trigger an authentication flow with a RADIUS-backed token, intercept the RADIUS packet sent by eduMFA and modify the RADIUS server\u0027s answer, which would lead eduMFA to believe that the token is valid, even though the RADIUS servers answer was a reject.\n",
"id": "GHSA-vhmj-5q9r-mm9g",
"modified": "2024-07-17T16:01:37Z",
"published": "2024-07-17T16:01:37Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/eduMFA/eduMFA/security/advisories/GHSA-vhmj-5q9r-mm9g"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3596"
},
{
"type": "WEB",
"url": "https://github.com/eduMFA/eduMFA/commit/ad9d18be31e8a6f536c646dc037d945de33fac60"
},
{
"type": "PACKAGE",
"url": "https://github.com/eduMFA/eduMFA"
},
{
"type": "WEB",
"url": "https://kb.cert.org/vuls/id/456537"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N",
"type": "CVSS_V4"
}
],
"summary": "BlastRADIUS also affects eduMFA"
}
GHSA-W33H-3R53-4XWJ
Vulnerability from github – Published: 2024-11-13 06:30 – Updated: 2024-11-13 06:30CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause retrieval of password hash that could lead to denial of service and loss of confidentiality and integrity of controllers. To be successful, the attacker needs to inject themself inside the logical network while a valid user uploads or downloads a project file into the controller.
{
"affected": [],
"aliases": [
"CVE-2024-8933"
],
"database_specific": {
"cwe_ids": [
"CWE-924"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-13T04:15:05Z",
"severity": "HIGH"
},
"details": "CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel\nvulnerability exists that could cause retrieval of password hash that could lead to denial of service and loss of\nconfidentiality and integrity of controllers. To be successful, the attacker needs to inject themself inside the\nlogical network while a valid user uploads or downloads a project file into the controller.",
"id": "GHSA-w33h-3r53-4xwj",
"modified": "2024-11-13T06:30:29Z",
"published": "2024-11-13T06:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8933"
},
{
"type": "WEB",
"url": "https://download.schneider-electric.com/doc/SEVD-2024-317-02/SEVD-2024-317-02.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-WGJ3-G943-V8WV
Vulnerability from github – Published: 2024-11-12 18:30 – Updated: 2024-11-12 18:30{
"affected": [],
"aliases": [
"CVE-2024-43450"
],
"database_specific": {
"cwe_ids": [
"CWE-924"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-12T18:15:22Z",
"severity": "HIGH"
},
"details": "Windows DNS Spoofing Vulnerability",
"id": "GHSA-wgj3-g943-v8wv",
"modified": "2024-11-12T18:30:58Z",
"published": "2024-11-12T18:30:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43450"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43450"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XHJW-7VH5-QXQM
Vulnerability from github – Published: 2024-03-08 17:33 – Updated: 2024-11-12 21:13- Issues:
- SCS_14 is allowed on encrypted connection (osdp_phy.c)
- No validation for RMAC_I is only in response to osdp_SCRYPT (osdp_cp.c)
- Couldn't find anything specific in the OSDP specifications indicating it is forbidden, I'm gussing it shouldn't be allowed according from the secure connection initialization flow (let me know if you think there is spec-rela ted change that should be done)
- Attack:
- Once RMAC_I message can be sent during a session, attacker with MITM access to the communication may intercept the original RMAC_I reply and save it.
- While the session continues, the attacker will record all of the replies and save them, till capturing the message to be replied (can be detected by ID, length or time based on inspection of visual activity next to the reade r)
- Once attacker captures a session with the message to be replayed, he stops reseting the connection and waits for signal to perform the replay to of the PD to CP message (ex: by signaling remotly to the MIMT device or setting a specific timing).
- in order to replay, the attacker will craft a specific RMAC_I message in the proper seq of the execution, which will result in reverting the RMAC to the begining of the session.
- At that phase - attacker can replay all the messages from the begining of the session.
Impact
Replay attack
Patches
This issue has been fixed in 298576d9214b48214092eebdd892ec77be085e5a
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "libosdp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-52288"
],
"database_specific": {
"cwe_ids": [
"CWE-924"
],
"github_reviewed": true,
"github_reviewed_at": "2024-03-08T17:33:51Z",
"nvd_published_at": "2024-11-11T20:15:20Z",
"severity": "MODERATE"
},
"details": "- Issues:\n - SCS_14 is allowed on encrypted connection (osdp_phy.c)\n - No validation for RMAC_I is only in response to osdp_SCRYPT (osdp_cp.c)\n - Couldn\u0027t find anything specific in the OSDP specifications indicating it is forbidden, I\u0027m gussing it shouldn\u0027t be allowed according from the secure connection initialization flow (let me know if you think there is spec-rela\nted change that should be done)\n- Attack:\n - Once RMAC_I message can be sent during a session, attacker with MITM access to the communication may intercept the original RMAC_I reply and save it.\n - While the session continues, the attacker will record all of the replies and save them, till capturing the message to be replied (can be detected by ID, length or time based on inspection of visual activity next to the reade\nr)\n - Once attacker captures a session with the message to be replayed, he stops reseting the connection and waits for signal to perform the replay to of the PD to CP message (ex: by signaling remotly to the MIMT device or setting\n a specific timing).\n - in order to replay, the attacker will craft a specific RMAC_I message in the proper seq of the execution, which will result in reverting the RMAC to the begining of the session.\n - At that phase - attacker can replay all the messages from the begining of the session.\n\n### Impact\nReplay attack\n\n### Patches\nThis issue has been fixed in 298576d9214b48214092eebdd892ec77be085e5a\n",
"id": "GHSA-xhjw-7vh5-qxqm",
"modified": "2024-11-12T21:13:28Z",
"published": "2024-03-08T17:33:51Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/goToMain/libosdp/security/advisories/GHSA-xhjw-7vh5-qxqm"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52288"
},
{
"type": "WEB",
"url": "https://github.com/goToMain/libosdp/commit/298576d9214b48214092eebdd892ec77be085e5a"
},
{
"type": "PACKAGE",
"url": "https://github.com/goToMain/libosdp"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "LibOSDP RMAC revert to the beginning of the session"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.