CWE-358
Improperly Implemented Security Check for Standard
Draft
2006-07-19
00h00 +00:00
00h00 +00:00
2025-12-11
00h00 +00:00
00h00 +00:00
Notifiche per un CWE specifico
Rimani informato su qualsiasi modifica relativa a un CWE specifico.
Nome: Improperly Implemented Security Check for Standard
The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.
General Informations
Modes Of Introduction
Architecture and DesignImplementation
Piattaforme applicabili
Linguaggio
Class: Not Language-Specific (Undetermined)Conseguenze comuni
| Ambito | Impatto | Probabilità |
|---|---|---|
| Access Control | Bypass Protection Mechanism |
Esempi osservati
| Riferimenti | Descrizione |
|---|---|
CVE-2002-0862 | Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates. |
CVE-2002-0970 | Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates. |
CVE-2002-1407 | Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates. |
CVE-2005-0198 | Logic error prevents some required conditions from being enforced during Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5). |
CVE-2004-2163 | Shared secret not verified in a RADIUS response packet, allowing authentication bypass by spoofing server replies. |
CVE-2005-2181 | Insufficient verification in VoIP implementation, in violation of standard, allows spoofed messages. |
CVE-2005-2182 | Insufficient verification in VoIP implementation, in violation of standard, allows spoofed messages. |
CVE-2005-2298 | Security check not applied to all components, allowing bypass. |
Note sulla mappatura delle vulnerabilità
Giustificazione : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Commento : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Note
This is a "missing step" error on the product side, which can overlap weaknesses such as insufficient verification and spoofing. It is frequently found in cryptographic and authentication errors. It is sometimes resultant.Invio
| Nome | Organizzazione | Data | Data di rilascio | Version |
|---|---|---|---|---|
| PLOVER | Draft 3 |
Modifiche
| Nome | Organizzazione | Data | Commento |
|---|---|---|---|
| Eric Dalci | Cigital | updated Time_of_Introduction | |
| CWE Content Team | MITRE | updated Relationships, Other_Notes, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Description | |
| CWE Content Team | MITRE | updated Modes_of_Introduction, Observed_Examples, Other_Notes, Relationship_Notes | |
| CWE Content Team | MITRE | updated Common_Consequences, Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Applicable_Platforms | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Description | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes | |
| CWE Content Team | MITRE | updated Weakness_Ordinalities |
