CWE-358
Improperly Implemented Security Check for Standard
Draft
2006-07-19
00h00 +00:00
00h00 +00:00
2025-12-11
00h00 +00:00
00h00 +00:00
Benachrichtigungen für ein CWE
Bleiben Sie über alle Änderungen zu einem bestimmten CWE informiert.
Name: Improperly Implemented Security Check for Standard
The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.
Allgemeine Informationen
Einführungsmodi
Architecture and DesignImplementation
Anwendbare Plattformen
Sprache
Class: Not Language-Specific (Undetermined)Häufige Konsequenzen
| Bereich | Auswirkung | Wahrscheinlichkeit |
|---|---|---|
| Access Control | Bypass Protection Mechanism |
Beobachtete Beispiele
| Referenzen | Beschreibung |
|---|---|
CVE-2002-0862 | Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates. |
CVE-2002-0970 | Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates. |
CVE-2002-1407 | Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates. |
CVE-2005-0198 | Logic error prevents some required conditions from being enforced during Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5). |
CVE-2004-2163 | Shared secret not verified in a RADIUS response packet, allowing authentication bypass by spoofing server replies. |
CVE-2005-2181 | Insufficient verification in VoIP implementation, in violation of standard, allows spoofed messages. |
CVE-2005-2182 | Insufficient verification in VoIP implementation, in violation of standard, allows spoofed messages. |
CVE-2005-2298 | Security check not applied to all components, allowing bypass. |
Hinweise zur Schwachstellen-Zuordnung
Begründung : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Kommentar : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Hinweise
This is a "missing step" error on the product side, which can overlap weaknesses such as insufficient verification and spoofing. It is frequently found in cryptographic and authentication errors. It is sometimes resultant.Einreichung
| Name | Organisation | Datum | Veröffentlichungsdatum | Version |
|---|---|---|---|---|
| PLOVER | Draft 3 |
Änderungen
| Name | Organisation | Datum | Kommentar |
|---|---|---|---|
| Eric Dalci | Cigital | updated Time_of_Introduction | |
| CWE Content Team | MITRE | updated Relationships, Other_Notes, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Description | |
| CWE Content Team | MITRE | updated Modes_of_Introduction, Observed_Examples, Other_Notes, Relationship_Notes | |
| CWE Content Team | MITRE | updated Common_Consequences, Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Applicable_Platforms | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Description | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes | |
| CWE Content Team | MITRE | updated Weakness_Ordinalities |
