Use of Invariant Value in Dynamically Changing Context
Weakness ID: 344 (Weakness Base) | Status: Draft
Description Summary
The product uses a constant value, name, or reference, but this value can (or should) vary across different environments.
Reference | Description |
---|---|
CVE-2002-0980 | Component for web browser writes an error message to a known location, which can then be referenced by attackers to process HTML/script in a less restrictive context |
Increase the entropy used to seed a PRNG.
Phase: Implementation. Perform FIPS 140-2 tests on data to catch obvious entropy problems.
This is often a factor in attacks on web browsers, in which known or predictable filenames become necessary to exploit browser vulnerabilities.
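The following is an added example, not part of the CWE entry: it contrasts a file name derived from a PRNG seeded with an invariant value against one drawn from the OS CSPRNG, and creates the file exclusively so an existing name is never reused. The function names, the seed value, the `report-` prefix and the sample text are hypothetical.

```python
import os
import random
import secrets
import tempfile

FIXED_SEED = 1234  # constructed constant, identical in every deployment


def report_name_constant_seed() -> str:
    """Weak: a PRNG seeded with an invariant value yields the same name every run."""
    rng = random.Random(FIXED_SEED)
    return "report-%016x.html" % rng.getrandbits(64)


def report_name_csprng() -> str:
    """Hardened: the name comes from the OS CSPRNG and differs on every call."""
    return "report-%s.html" % secrets.token_hex(16)


def write_report(message: str, base_dir: str, name: str) -> str:
    """Create the report exclusively; fail rather than reuse an existing name."""
    path = os.path.join(base_dir, name)
    # O_EXCL refuses a pre-existing file or symlink at this name; 0o600 keeps
    # the report readable and writable by its owner only.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(message)
    return path


if __name__ == "__main__":
    base = tempfile.mkdtemp(prefix="app-")  # per-run directory, mode 0700
    print("constant seed, run 1:", report_name_constant_seed())
    print("constant seed, run 2:", report_name_constant_seed())
    first = write_report("<p>constructed error text</p>", base, report_name_csprng())
    second = write_report("<p>constructed error text</p>", base, report_name_csprng())
    print("CSPRNG names:", os.path.basename(first), os.path.basename(second))
    try:
        # The invariant name collides with itself on the second write.
        write_report("x", base, report_name_constant_seed())
        write_report("x", base, report_name_constant_seed())
    except FileExistsError as exc:
        print("second write with the invariant name refused:", exc.filename)
```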
Ordinality | Description |
---|---|
Primary | (where the weakness exists independent of other weaknesses) |
Resultant | (where the weakness is typically related to the presence of some other weaknesses) |
Nature | Type | ID | Name | View(s) this relationship pertains to |
---|---|---|---|---|
ChildOf | Weakness Class | 330 | Use of Insufficiently Random Values | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
ParentOf | Weakness Base | 259 | Use of Hard-coded Password | Research Concepts 1000 |
ParentOf | Weakness Base | 321 | Use of Hard-coded Cryptographic Key | Research Concepts 1000 |
ParentOf | Weakness Base | 323 | Reusing a Nonce, Key Pair in Encryption | Research Concepts (primary) 1000 |
ParentOf | Weakness Base | 587 | Assignment of a Fixed Address to a Pointer | Research Concepts (primary) 1000 |
ParentOf | Weakness Base | 798 | Use of Hard-coded Credentials | Research Concepts 1000 |
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
---|---|---|---|
PLOVER | | | Static Value in Unpredictable Context |
Submissions
Submission Date | Submitter | Organization | Source |
---|---|---|---|
 | PLOVER | | Externally Mined |
Modifications
Modification Date | Modifier | Organization | Source | |
---|---|---|---|---|
2008-07-01 | Eric Dalci | Cigital | External | updated Time of Introduction |
2008-09-08 | CWE Content Team | MITRE | Internal | updated Relationships, Other Notes, Relationship Notes, Relevant Properties, Taxonomy Mappings, Weakness Ordinalities |
2009-03-10 | CWE Content Team | MITRE | Internal | updated Potential Mitigations |
2009-12-28 | CWE Content Team | MITRE | Internal | updated Potential Mitigations |
Previous Entry Names
Change Date | Previous Entry Name |
---|---|
2008-04-11 | Static Value in Unpredictable Context |