Home/CWE/Channel Accessible by Non-Endpoint
Weakness

Channel Accessible by Non-Endpoint

CWE-300 · Class · Draft

The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.

Extended description

In order to establish secure communication between two parties, it is often important to adequately verify the identity of entities at each end of the communication channel. Inadequate or inconsistent verification may result in insufficient or incorrect identification of either communicating entity. This can have negative consequences such as misplaced trust in the entity at the other end of the channel.

An attacker can leverage this by interposing between the communicating entities and masquerading as the original entity. In the absence of sufficient verification of identity, such an attacker can eavesdrop and potentially modify the communication between the original entities.

Weakness Relationships

Where this weakness sits in the CWE hierarchy. Walk up to broader classes or down to more specific variants.
Parent of this (broader)
ChildOfCWE-923 · Improper Restriction of Communication Channel to Intended Endpoints

Attack Patterns (CAPEC)

9
How adversaries exploit this weakness, per MITRE CAPEC.
CAPEC-466Leveraging Active Adversary in the Middle Attacks to Bypass Same Origin Policy
CAPEC-57Utilizing REST's Trust in the System Resource to Obtain Sensitive Data
CAPEC-589DNS Blocking
CAPEC-590IP Address Blocking
CAPEC-612WiFi MAC Address Tracking
CAPEC-613WiFi SSID Tracking
CAPEC-615Evil Twin Wi-Fi Attack
CAPEC-662Adversary in the Browser (AiTB)
CAPEC-94Adversary in the Middle (AiTM)

CVEs With This Weakness

53
A sample of the 53 CVEs tagged with this weakness.
CVECVE-2026-23812
CVECVE-2026-23811
CVECVE-2026-23810
CVECVE-2025-63363
CVECVE-2025-54792
CVECVE-2025-40770
CVECVE-2025-31214
CVECVE-2025-20122
CVECVE-2024-50568
CVECVE-2024-50565
CVECVE-2024-45407
CVECVE-2024-36553
External lookups - second-class, for what we don’t hold ourselves
MITRE CWE
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin