Improperly Implemented Security Check for Standard

ID: 358
Date: (C)2012-05-14   (M)2017-11-15
Type: weakness
Status: DRAFT
Abstraction Type: Base





Description

The software does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

Applicable Platforms
Language Class: All

Time Of Introduction

  • Architecture and Design
  • Implementation

Common Consequences

Scope | Technical Impact | Notes
Access_Control | Bypass protection mechanism |

Detection Methods
None

Potential Mitigations
None

Relationships
This is a "missing step" error on the product side, which can overlap weaknesses such as insufficient verification and spoofing. It is frequently found in cryptographic and authentication errors. It is sometimes resultant.

Related CWE | Type | View | Chain
CWE-358 ChildOf CWE-907 | Category | CWE-888 |

Demonstrative Examples
None

Observed Examples

  1. CVE-2002-0862 : Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates.
  2. CVE-2002-0970 : Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates.
  3. CVE-2002-1407 : Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates.
  4. CVE-2005-0198 : Logic error prevents some required conditions from being enforced during Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5).
  5. CVE-2004-2163 : Shared secret not verified in a RADIUS response packet, allowing authentication bypass by spoofing server replies.
  6. CVE-2005-2181 : Insufficient verification in VoIP implementation, in violation of standard, allows spoofed messages.
  7. CVE-2005-2182 : Insufficient verification in VoIP implementation, in violation of standard, allows spoofed messages.
  8. CVE-2005-2298 : Security check not applied to all components, allowing bypass.

For more examples, refer to CVE relations in the bottom box.

White Box Definitions
None

Black Box Definitions
None

Taxonomy Mappings

Taxonomy | Id | Name | Fit
PLOVER |  | Improperly Implemented Security Check for Standard |

References:
None
