Improperly Implemented Security Check for Standard
Weakness ID: 358 (Weakness Base) | Status: Draft
Description Summary
The software does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.
This is an implementation error, in which the algorithm/technique requires certain security-related behaviors or conditions that are not implemented or checked properly, thus causing a vulnerability.
Reference | Description |
---|---|
CVE-2002-0862 | Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates. |
CVE-2002-0970 | Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates. |
CVE-2002-1407 | Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates. |
CVE-2005-0198 | Logic error prevents some required conditions from being enforced during Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5). |
CVE-2004-2163 | Shared secret not verified in a RADIUS response packet, allowing authentication bypass by spoofing server replies. |
CVE-2005-2181 | Insufficient verification in VoIP implementation, in violation of standard, allows spoofed messages. |
CVE-2005-2182 | Insufficient verification in VoIP implementation, in violation of standard, allows spoofed messages. |
CVE-2005-2298 | Security check not applied to all components, allowing bypass. |
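
The kind of check the RADIUS entry above (CVE-2004-2163) concerns, as an added example that is not code from this entry or from any affected product: RFC 2865 requires the client to recompute the Response Authenticator with the shared secret before honouring a reply. The function names, the secret and the packets are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2  # RADIUS Code value for Access-Accept (RFC 2865)

def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def build_response(code, ident, attrs, request_auth, secret):
    """Server side: header, 16-byte Response Authenticator, attributes."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return header + auth + attrs

def accept_unchecked(packet, ident):
    """Weak client: trusts Code and Identifier, never checks the authenticator."""
    code, pkt_id, _length = struct.unpack("!BBH", packet[:4])
    return code == ACCESS_ACCEPT and pkt_id == ident

def accept_checked(packet, ident, request_auth, secret):
    """Client performing the required check before honouring Access-Accept."""
    if len(packet) < 20:
        return False
    code, pkt_id, length = struct.unpack("!BBH", packet[:4])
    if pkt_id != ident or length < 20 or length > len(packet):
        return False
    attrs = packet[20:length]  # octets beyond Length are padding
    expected = response_authenticator(code, pkt_id, attrs, request_auth, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        return False  # reply was not produced with the shared secret
    return code == ACCESS_ACCEPT

# Constructed sample data, not captured traffic.
SECRET = b"constructed-shared-secret"
REQUEST_AUTH = bytes(range(16))   # authenticator the client sent in its request
ATTRS = b"\x12\x04ok"             # Reply-Message (type 18), length 4
GENUINE = build_response(ACCESS_ACCEPT, 7, ATTRS, REQUEST_AUTH, SECRET)
SPOOFED = build_response(ACCESS_ACCEPT, 7, ATTRS, REQUEST_AUTH, b"wrong-secret")

if __name__ == "__main__":
    print("unchecked accepts spoofed:", accept_unchecked(SPOOFED, 7))
    print("checked accepts spoofed:  ", accept_checked(SPOOFED, 7, REQUEST_AUTH, SECRET))
    print("checked accepts genuine:  ", accept_checked(GENUINE, 7, REQUEST_AUTH, SECRET))
```

The unchecked client accepts both packets; the checked client accepts only the reply computed with the shared secret, and also rejects replies whose attributes or length were altered.
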
Nature | Type | ID | Name | View(s) this relationship pertains to |
---|---|---|---|---|
ChildOf | Category | 254 | Security Features | Development Concepts (primary) 699 |
ChildOf | Weakness Class | 573 | Failure to Follow Specification | Research Concepts (primary) 1000 |
ChildOf | Weakness Class | 693 | Protection Mechanism Failure | Research Concepts 1000 |
CanAlsoBe | Weakness Base | 290 | Authentication Bypass by Spoofing | Research Concepts 1000 |
CanAlsoBe | Weakness Class | 345 | Insufficient Verification of Data Authenticity | Research Concepts 1000 |
PeerOf | Weakness Base | 325 | Missing Required Cryptographic Step | Research Concepts 1000 |
This is a "missing step" error on the product side, which can overlap weaknesses such as insufficient verification and spoofing. It is frequently found in cryptographic and authentication errors. It is sometimes resultant.
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
---|---|---|---|
PLOVER | | | Improperly Implemented Security Check for Standard |
Submissions
Submission Date | Submitter | Organization | Source |
---|---|---|---|
 | PLOVER | | Externally Mined |
Modifications
Modification Date | Modifier | Organization | Source | Changes |
---|---|---|---|---|
2008-07-01 | Eric Dalci | Cigital | External | updated Time of Introduction |
2008-09-08 | CWE Content Team | MITRE | Internal | updated Relationships, Other Notes, Taxonomy Mappings |
2009-05-27 | CWE Content Team | MITRE | Internal | updated Description |
2009-10-29 | CWE Content Team | MITRE | Internal | updated Modes of Introduction, Observed Examples, Other Notes, Relationship Notes |