VYPR

CWE-924

Improper Enforcement of Message Integrity During Transmission in a Communication Channel

BaseIncomplete

Description

The product establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission.

Attackers might be able to modify the message and spoof the endpoint by interfering with the data as it crosses the network or by redirecting the connection to a system under their control.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (12)

  • CVE-2025-29628CriJul 25, 2025
    risk 0.61cvss 9.4epss 0.00

    A Gardyn Azure IoT Hub connection string is downloaded over an insecure HTTP connection in Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 leaving the string vulnerable to interception and…

  • CVE-2024-3596CriJul 9, 2024
    risk 0.60cvss 9.0epss 0.15

    RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.

  • CVE-2024-44730CriOct 11, 2024
    risk 0.59cvss 9.1epss 0.00

    Incorrect access control in the function handleDataChannelChat(dataMessage) of Mirotalk before commit c21d58 allows attackers to forge chat messages using an arbitrary sender name.

  • CVE-2025-0592HigFeb 14, 2025
    risk 0.57cvss 8.8epss 0.00

    The vulnerability may allow a remote low priviledged attacker to run arbitrary shell commands by manipulating the firmware file and uploading it to the device.

  • CVE-2019-25719HigJun 2, 2026
    risk 0.56cvss 8.6epss 0.00

    Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors running software versions VG4.1.1, VG4.0.3, and lower contain network message handling vulnerabilities that allow network-adjacent attackers to spoof or tamper with data and cause denial-of-service…

  • CVE-2023-2885HigMay 25, 2023
    risk 0.53cvss 8.1epss 0.00

    Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in CBOT Chatbot allows Adversary in the Middle (AiTM). This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.

  • CVE-2018-7295HigMay 23, 2018
    risk 0.53cvss 8.1epss 0.00

    ffxivlauncher.exe in Square Enix Final Fantasy XIV 4.21 and 4.25 on Windows is affected by Improper Enforcement of Message Integrity During Transmission in a Communication Channel, allowing a man-in-the-middle attacker to steal user credentials because a session retrieves…

  • CVE-2024-8933HigNov 13, 2024
    risk 0.49cvss 7.5epss 0.00

    CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause retrieval of password hash that could lead to denial of service and loss of confidentiality and integrity of controllers. To be successful, the…

  • CVE-2024-12399HigJan 17, 2025
    risk 0.46cvss 7.1epss 0.00

    CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause partial loss of confidentiality, loss of integrity and availability of the HMI when attacker performs man in the middle attack by intercepting…

  • CVE-2018-14526MedAug 8, 2018
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to…

  • CVE-2026-39827MedMay 22, 2026
    risk 0.35cvss 6.5epss 0.00

    An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state…

  • CVE-2024-52288MedNov 11, 2024
    risk 0.26cvss 5.1epss 0.00

    libosdp is an implementation of IEC 60839-11-5 OSDP (Open Supervised Device Protocol) and provides a C library with support for C++, Rust and Python3. In affected versions an unexpected `REPLY_CCRYPT` or `REPLY_RMAC_I` may be introduced into an active stream when they should not…