Improperly Implemented Security Check for Standard
ID: 358 | Date: (C)2012-05-14 (M)2022-10-10 |
Type: weakness | Status: DRAFT |
Abstraction Type: Base |
Description
The software does not implement or incorrectly implements one
or more security-relevant checks as specified by the design of a standardized
algorithm, protocol, or technique.
Applicable Platforms
Language Class: All
Time Of Introduction
- Architecture and Design
- Implementation
Common Consequences
Scope | Technical Impact | Notes |
---|
Access_Control | Bypass protection mechanism | |
Detection Methods
None
Potential Mitigations
None
Relationships
This is a "missing step" error on the product side, which can overlap
weaknesses such as insufficient verification and spoofing. It is frequently
found in cryptographic and authentication errors. It is sometimes
resultant.
Related CWE | Type | View | Chain |
---|
CWE-358 ChildOf CWE-907 | Category | CWE-888 | |
Demonstrative Examples
None
Observed Examples
- CVE-2002-0862 : Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates.
- CVE-2002-0970 : Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates.
- CVE-2002-1407 : Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates.
- CVE-2005-0198 : Logic error prevents some required conditions from being enforced during Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5).
- CVE-2004-2163 : Shared secret not verified in a RADIUS response packet, allowing authentication bypass by spoofing server replies.
- CVE-2005-2181 : Insufficient verification in VoIP implementation, in violation of standard, allows spoofed messages.
- CVE-2005-2182 : Insufficient verification in VoIP implementation, in violation of standard, allows spoofed messages.
- CVE-2005-2298 : Security check not applied to all components, allowing bypass.
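The RADIUS entry above (CVE-2004-2163) concerns a client that accepts a reply without checking it against the shared secret. The following is an added example, not part of the original entry: a client-side check of the Response Authenticator as RFC 2865 defines it, MD5(Code + ID + Length + RequestAuth + Attributes + Secret). The function names and all sample values are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 2, 3, 11

def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def verify_response(packet, request_id, request_auth, secret):
    """Return the reply Code only if every required check passes."""
    if len(packet) < 20:
        raise ValueError("shorter than the RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad Length field")
    packet = packet[:length]  # octets beyond Length are padding and are ignored
    if code not in (ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE):
        raise ValueError("unexpected Code")
    if ident != request_id:
        raise ValueError("Identifier does not match the request")
    expected = response_authenticator(code, ident, packet[20:], request_auth, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("Response Authenticator mismatch")
    return code

def build_response(code, ident, attrs, authenticator):
    # Helper used only to assemble the constructed sample packets below.
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + authenticator + attrs

# Constructed sample values (not taken from any real deployment)
SECRET = b"constructed-shared-secret"
REQ_ID = 42
REQ_AUTH = bytes(range(16))          # Request Authenticator the client sent
ATTRS = bytes([18, 4]) + b"ok"       # Reply-Message attribute (type 18, length 4)
GENUINE = build_response(ACCESS_ACCEPT, REQ_ID, ATTRS,
                         response_authenticator(ACCESS_ACCEPT, REQ_ID, ATTRS, REQ_AUTH, SECRET))
FORGED = build_response(ACCESS_ACCEPT, REQ_ID, ATTRS, bytes(16))  # no knowledge of SECRET
```

A client that skips the `compare_digest` step treats `FORGED` the same as `GENUINE`, which is the missing-step pattern this entry describes.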
White Box Definitions
None
Black Box Definitions
None
Taxonomy Mappings
Taxonomy | Id | Name | Fit |
---|
PLOVER | | Improperly Implemented Security Check for Standard | |
References
None