CWE-694Use of Multiple Resources with Duplicate Identifier

Description

The product uses multiple resources that can have the same identifier, in a context in which unique identifiers are required.

If the product assumes that each resource has a unique identifier, the product could operate on the wrong resource if attackers can cause multiple resources to be associated with the same identifier.

Common consequences

• Access Control→Bypass Protection Mechanism
  If unique identifiers are assumed when protecting sensitive resources, then duplicate identifiers might allow attackers to bypass the protection.
• Other→Quality Degradation

Potential mitigations

• Architecture and Design
  Where possible, use unique identifiers. If non-unique identifiers are detected, then do not operate any resource with a non-unique identifier and report the error appropriately.

Related CWEs

Recent CVEs classified under this CWE