CWE-358
Improperly Implemented Security Check for Standard
Draft
2006-07-19
00h00 +00:00
00h00 +00:00
2025-12-11
00h00 +00:00
00h00 +00:00
Powiadomienia dla konkretnego CWE
Bądź na bieżąco z wszelkimi zmianami dotyczącymi konkretnego CWE.
Nazwa: Improperly Implemented Security Check for Standard
The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.
Informacje ogólne
Sposoby wprowadzenia
Architecture and DesignImplementation
Odpowiednie platformy
Język
Class: Not Language-Specific (Undetermined)Typowe konsekwencje
| Zakres | Wpływ | Prawdopodobieństwo |
|---|---|---|
| Access Control | Bypass Protection Mechanism |
Zaobserwowane przykłady
| Odniesienia | Opis |
|---|---|
CVE-2002-0862 | Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates. |
CVE-2002-0970 | Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates. |
CVE-2002-1407 | Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates. |
CVE-2005-0198 | Logic error prevents some required conditions from being enforced during Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5). |
CVE-2004-2163 | Shared secret not verified in a RADIUS response packet, allowing authentication bypass by spoofing server replies. |
CVE-2005-2181 | Insufficient verification in VoIP implementation, in violation of standard, allows spoofed messages. |
CVE-2005-2182 | Insufficient verification in VoIP implementation, in violation of standard, allows spoofed messages. |
CVE-2005-2298 | Security check not applied to all components, allowing bypass. |
Uwagi dotyczące mapowania podatności
Uzasadnienie : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Komentarz : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Notatki
This is a "missing step" error on the product side, which can overlap weaknesses such as insufficient verification and spoofing. It is frequently found in cryptographic and authentication errors. It is sometimes resultant.Zgłoszenie
| Nazwa | Organizacja | Data | Data wydania | Version |
|---|---|---|---|---|
| PLOVER | Draft 3 |
Modyfikacje
| Nazwa | Organizacja | Data | Komentarz |
|---|---|---|---|
| Eric Dalci | Cigital | updated Time_of_Introduction | |
| CWE Content Team | MITRE | updated Relationships, Other_Notes, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Description | |
| CWE Content Team | MITRE | updated Modes_of_Introduction, Observed_Examples, Other_Notes, Relationship_Notes | |
| CWE Content Team | MITRE | updated Common_Consequences, Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Applicable_Platforms | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Description | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes | |
| CWE Content Team | MITRE | updated Weakness_Ordinalities |
