CWE-642 External Control of Critical State Data
What this means
SiteShadow flagged critical state being controlled by external input (request parameters, body, or cookies) without strong verification. "Critical state" includes role, account ID, price, workflow state, or security flags.
Why it matters
External control of state can bypass security logic.
- Privilege escalation if roles/permissions are client-controlled.
- Fraud if pricing/paid status is client-controlled.
- Workflow bypass if state transitions are client-controlled.
Safer examples
1) Keep critical state server-side
Look up roles, permissions, pricing, and workflow state from the server/database.
2) Use signed tokens where appropriate
If state must be carried in a token, sign it and validate both the signature and the claims (see JWT01 / CWE-347).
3) Enforce allowed state transitions
Validate transitions server-side and reject invalid transitions (see B01 / A11).
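As an added example (not SiteShadow's own code), here is the client-controlled pattern that CWE-642 describes next to a hardened version of the same order-update handler, covering points 1) and 3) above; the users, orders, catalog tables and the request payloads are constructed for illustration.

```python
# Added example, not SiteShadow's own code: the client-controlled pattern that
# CWE-642 describes next to a hardened version of the same order-update handler.
# The users/orders/catalog tables and the request payloads are constructed.

USERS = {"u1": {"role": "customer"}, "u2": {"role": "admin"}}
ORDERS = {"o1": {"owner": "u1", "sku": "sku-1", "status": "pending", "price": 49.0}}
CATALOG = {"sku-1": 49.0}
# Allowlist of state transitions; anything not listed is rejected.
TRANSITIONS = {"pending": {"paid", "cancelled"}, "paid": {"shipped"},
               "shipped": set(), "cancelled": set()}


def update_order_unsafe(request):
    """Vulnerable: role, price and target status are all taken from the request,
    so a client can claim admin, choose its own price and skip payment."""
    order = dict(ORDERS[request["order_id"]])
    if request["role"] != "admin" and order["owner"] != request["user_id"]:
        raise PermissionError("not your order")
    order["price"] = request["price"]    # fraud: client-chosen price
    order["status"] = request["status"]  # workflow bypass: any transition
    return order


def update_order_safe(session_user_id, request):
    """Hardened: identity comes from the server-side session, role and price are
    looked up in server-side records, and the transition is checked against
    the allowlist. Request fields such as "role" or "price" are ignored."""
    order = ORDERS.get(request.get("order_id"))
    if order is None:
        raise KeyError("unknown order")
    order = dict(order)
    role = USERS[session_user_id]["role"]          # never from the request
    if role != "admin" and order["owner"] != session_user_id:
        raise PermissionError("not your order")
    new_status = request.get("status")
    if new_status not in TRANSITIONS[order["status"]]:
        raise ValueError(f"illegal transition {order['status']} -> {new_status}")
    order["price"] = CATALOG[order["sku"]]         # price from the catalog
    order["status"] = new_status
    return order


if __name__ == "__main__":
    forged = {"order_id": "o1", "user_id": "u3", "role": "admin",
              "price": 0.01, "status": "shipped"}
    print("unsafe:", update_order_unsafe(forged))   # forged role/price accepted
    print("safe:", update_order_safe("u1", {**forged, "status": "paid"}))
    try:
        update_order_safe("u1", forged)             # pending -> shipped rejected
    except ValueError as e:
        print("safe rejected:", e)
```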
How SiteShadow detects it (high level)
- Detects request-derived values being used in sensitive decisions (authz, money, workflow).
- Flags missing verification/allowlists around critical state fields.
References
- CWE-642: https://cwe.mitre.org/data/definitions/642.html
---