Description

The software does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

Applicable Platforms
Language Class: All

Time Of Introduction

• Architecture and Design
• Implementation

Common Consequences

Detection Methods
None

Potential Mitigations
None

Relationships
This is a "missing step" error on the product side, which can overlap weaknesses such as insufficient verification and spoofing. It is frequently found in cryptographic and authentication errors. It is sometimes resultant.

Demonstrative Examples
None

Observed Examples

1. CVE-2002-0862 : Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates.
2. CVE-2002-0970 : Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates.
3. CVE-2002-1407 : Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates.
4. CVE-2005-0198 : Logic error prevents some required conditions from being enforced during Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5).
5. CVE-2004-2163 : Shared secret not verified in a RADIUS response packet, allowing authentication bypass by spoofing server replies.
6. CVE-2005-2181 : Insufficient verification in VoIP implementation, in violation of standard, allows spoofed messages.
7. CVE-2005-2182 : Insufficient verification in VoIP implementation, in violation of standard, allows spoofed messages.
8. CVE-2005-2298 : Security check not applied to all components, allowing bypass.

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

References:
None