CWE

Logic/Time Bomb

ID: 511		Date: (C)2012-05-14   (M)2022-10-10
Type: weakness		Status: INCOMPLETE
Abstraction Type: Base

Description

The software contains code that is designed to disrupt the legitimate operation of the software (or its environment) when a certain time passes, or when a certain logical condition is met.

Extended Description

When the time bomb or logic bomb is detonated, it may perform a denial of service such as crashing the system, deleting critical data, or degrading system response time. This bomb might be placed within either a replicating or non-replicating Trojan horse.

Applicable Platforms
Language Class: All

Time Of Introduction

• Implementation
• Operation

Common Consequences

Scope	Technical Impact	Notes
Other Integrity	Varies by context Alter execution logic

Detection Methods
None

Potential Mitigations

Phase	Strategy	Description	Effectiveness	Notes
Installation		Always verify the integrity of the software that is being installed.
Implementation		Conduct a code coverage analysis using live testing, then closely inspect the code that is not covered.

Relationships

Related CWE	Type	View	Chain
CWE-511 ChildOf CWE-904	Category	CWE-888

Demonstrative Examples   (Details)

1. Typical examples of triggers include system date or time mechanisms, random number generators, and counters that wait for an opportunity to launch their payload. When triggered, a time-bomb may deny service by crashing the system, deleting files, or degrading system response-time.

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

Taxynomy	Id	Name	Fit
Landwehr		Logic/Time Bomb

References:
None