Omission of Security-relevant Information
Weakness ID: 223 (Weakness Base)Status: Draft
+ Description

Description Summary

The application does not record or display information that would be important for identifying the source or nature of an attack, or determining if an action is safe.
+ Time of Introduction
  • Architecture and Design
  • Implementation
  • Operation
+ Applicable Platforms

Languages

All

+ Observed Examples
ReferenceDescription
CVE-1999-1029Login attempts not recorded if user disconnects before maximum number of tries.
CVE-2002-1839Sender's IP address not recorded in outgoing e-mail.
CVE-2000-0542Failed authentication attempt not recorded if later attempt succeeds.
+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness ClassWeakness Class221Information Loss or Omission
Development Concepts (primary)699
Research Concepts (primary)1000
ParentOfWeakness BaseWeakness Base778Insufficient Logging
Development Concepts (primary)699
Research Concepts (primary)1000
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
PLOVEROmission of Security-relevant Information
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
PLOVERExternally Mined
Modifications
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Time of Introduction
2008-09-08CWE Content TeamMITREInternal
updated Relationships, Taxonomy Mappings
2009-07-27CWE Content TeamMITREInternal
updated Relationships