CWE-924
Improper Enforcement of Message Integrity During Transmission in a Communication Channel
Description
The product establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-29628 | Cri | 0.61 | 9.4 | 0.00 | Jul 25, 2025 | A Gardyn Azure IoT Hub connection string is downloaded over an insecure HTTP connection in Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 leaving the string vulnerable to interception and… | ||
| CVE-2024-3596 | Cri | 0.60 | 9.0 | 0.15 | Jul 9, 2024 | RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. | ||
| CVE-2024-44730 | Cri | 0.59 | 9.1 | 0.00 | Oct 11, 2024 | Incorrect access control in the function handleDataChannelChat(dataMessage) of Mirotalk before commit c21d58 allows attackers to forge chat messages using an arbitrary sender name. | ||
| CVE-2025-0592 | — | Hig | 0.57 | 8.8 | 0.00 | Feb 14, 2025 | The vulnerability may allow a remote low priviledged attacker to run arbitrary shell commands by manipulating the firmware file and uploading it to the device. | |
| CVE-2019-25719 | Hig | 0.56 | 8.6 | 0.00 | Jun 2, 2026 | Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors running software versions VG4.1.1, VG4.0.3, and lower contain network message handling vulnerabilities that allow network-adjacent attackers to spoof or tamper with data and cause denial-of-service… | ||
| CVE-2023-2885 | Hig | 0.53 | 8.1 | 0.00 | May 25, 2023 | Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in CBOT Chatbot allows Adversary in the Middle (AiTM). This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. | ||
| CVE-2018-7295 | Hig | 0.53 | 8.1 | 0.00 | May 23, 2018 | ffxivlauncher.exe in Square Enix Final Fantasy XIV 4.21 and 4.25 on Windows is affected by Improper Enforcement of Message Integrity During Transmission in a Communication Channel, allowing a man-in-the-middle attacker to steal user credentials because a session retrieves… | ||
| CVE-2024-8933 | — | Hig | 0.49 | 7.5 | 0.00 | Nov 13, 2024 | CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause retrieval of password hash that could lead to denial of service and loss of confidentiality and integrity of controllers. To be successful, the… | |
| CVE-2024-12399 | — | Hig | 0.46 | 7.1 | 0.00 | Jan 17, 2025 | CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause partial loss of confidentiality, loss of integrity and availability of the HMI when attacker performs man in the middle attack by intercepting… | |
| CVE-2018-14526 | — | Med | 0.42 | 6.5 | 0.01 | Aug 8, 2018 | An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to… | |
| CVE-2026-39827 | Med | 0.35 | 6.5 | 0.00 | May 22, 2026 | An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state… | ||
| CVE-2024-52288 | Med | 0.26 | 5.1 | 0.00 | Nov 11, 2024 | libosdp is an implementation of IEC 60839-11-5 OSDP (Open Supervised Device Protocol) and provides a C library with support for C++, Rust and Python3. In affected versions an unexpected `REPLY_CCRYPT` or `REPLY_RMAC_I` may be introduced into an active stream when they should not… |
- risk 0.61cvss 9.4epss 0.00
A Gardyn Azure IoT Hub connection string is downloaded over an insecure HTTP connection in Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 leaving the string vulnerable to interception and…
- risk 0.60cvss 9.0epss 0.15
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
- risk 0.59cvss 9.1epss 0.00
Incorrect access control in the function handleDataChannelChat(dataMessage) of Mirotalk before commit c21d58 allows attackers to forge chat messages using an arbitrary sender name.
- risk 0.57cvss 8.8epss 0.00
The vulnerability may allow a remote low priviledged attacker to run arbitrary shell commands by manipulating the firmware file and uploading it to the device.
- risk 0.56cvss 8.6epss 0.00
Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors running software versions VG4.1.1, VG4.0.3, and lower contain network message handling vulnerabilities that allow network-adjacent attackers to spoof or tamper with data and cause denial-of-service…
- risk 0.53cvss 8.1epss 0.00
Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in CBOT Chatbot allows Adversary in the Middle (AiTM). This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.
- risk 0.53cvss 8.1epss 0.00
ffxivlauncher.exe in Square Enix Final Fantasy XIV 4.21 and 4.25 on Windows is affected by Improper Enforcement of Message Integrity During Transmission in a Communication Channel, allowing a man-in-the-middle attacker to steal user credentials because a session retrieves…
- risk 0.49cvss 7.5epss 0.00
CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause retrieval of password hash that could lead to denial of service and loss of confidentiality and integrity of controllers. To be successful, the…
- risk 0.46cvss 7.1epss 0.00
CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause partial loss of confidentiality, loss of integrity and availability of the HMI when attacker performs man in the middle attack by intercepting…
- risk 0.42cvss 6.5epss 0.01
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to…
- risk 0.35cvss 6.5epss 0.00
An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state…
- risk 0.26cvss 5.1epss 0.00
libosdp is an implementation of IEC 60839-11-5 OSDP (Open Supervised Device Protocol) and provides a C library with support for C++, Rust and Python3. In affected versions an unexpected `REPLY_CCRYPT` or `REPLY_RMAC_I` may be introduced into an active stream when they should not…