CWE-662 – Improper Synchronization

Read Time:28 Second

Description

The software utilizes multiple threads or processes to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-664
CWE-691
CWE-362

 

Consequences

Integrity, Confidentiality, Other: Modify Application Data, Read Application Data, Alter Execution Logic

 

Potential Mitigations

Phase: Implementation

Description: 

Use industry standard APIs to synchronize your code.

CVE References

CWE-66 – Improper Handling of File Names that Identify Virtual Resources

Read Time:33 Second

Description

The product does not handle or incorrectly handles a file name that identifies a “virtual” resource that is not directly specified within the directory that is associated with the file name, causing the product to perform file-based operations on a resource that is not a file.

Virtual file names are represented like normal file names, but they are effectively aliases for other resources that do not behave like normal files. Depending on their functionality, they could be alternate entities. They are not necessarily listed in directories.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-706

 

Consequences

Other: Other

 

Potential Mitigations

CVE References

CWE-657 – Violation of Secure Design Principles

Read Time:19 Second

Description

The product violates well-established principles for secure design.

This can introduce resultant weaknesses or make it easier for developers to introduce related weaknesses during implementation. Because code is centered around design, it can be resource-intensive to fix design problems.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-710

 

Consequences

Other: Other

 

Potential Mitigations

CVE References

CWE-656 – Reliance on Security Through Obscurity

Read Time:1 Minute, 28 Second

Description

The software uses a protection mechanism whose strength depends heavily on its obscurity, such that knowledge of its algorithms or key data is sufficient to defeat the mechanism.

This reliance on “security through obscurity” can produce resultant weaknesses if an attacker is able to reverse engineer the inner workings of the mechanism. Note that obscurity can be one small part of defense in depth, since it can create more work for an attacker; however, it is a significant risk if used as the primary means of protection.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-657
CWE-693
CWE-259
CWE-321
CWE-472

 

Consequences

Confidentiality, Integrity, Availability, Other: Other

The security mechanism can be bypassed easily.

 

Potential Mitigations

Phase: Architecture and Design

Description: 

Always consider whether knowledge of your code or design is sufficient to break it. Reverse engineering is a highly successful discipline, and financially feasible for motivated adversaries. Black-box techniques are established for binary analysis of executables that use obfuscation, runtime analysis of proprietary protocols, inferring file formats, and others.

Phase: Architecture and Design

Description: 

When available, use publicly-vetted algorithms and procedures, as these are more likely to undergo more extensive security analysis and testing. This is especially the case with encryption and authentication.

CVE References

  • CVE-2006-6588
    • Reliance on hidden form fields in a web application. Many web application vulnerabilities exist because the developer did not consider that “hidden” form fields can be processed using a modified client.
  • CVE-2006-7142
    • Hard-coded cryptographic key stored in executable program.
  • CVE-2005-4002
    • Hard-coded cryptographic key stored in executable program.
  • CVE-2006-4068
    • Hard-coded hashed values for username and password contained in client-side script, allowing brute-force offline attacks.

CWE-655 – Insufficient Psychological Acceptability

Read Time:41 Second

Description

The software has a protection mechanism that is too difficult or inconvenient to use, encouraging non-malicious users to disable or bypass the mechanism, whether by accident or on purpose.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-657
CWE-693

 

Consequences

Access Control: Bypass Protection Mechanism

By bypassing the security mechanism, a user might leave the system in a less secure state than intended by the administrator, making it more susceptible to compromise.

 

Potential Mitigations

Phase: Testing

Description: 

Where possible, perform human factors and usability studies to identify where your product’s security mechanisms are difficult to use, and why.

Phase: Architecture and Design

Description: 

Make the security mechanism as seamless as possible, while also providing the user with sufficient details when a security decision produces unexpected results.

CVE References

CWE-654 – Reliance on a Single Factor in a Security Decision

Read Time:56 Second

Description

A protection mechanism relies exclusively, or to a large extent, on the evaluation of a single condition or the integrity of a single object or entity in order to make a decision about granting access to restricted resources or functionality.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-657
CWE-693

 

Consequences

Access Control: Gain Privileges or Assume Identity

If the single factor is compromised (e.g. by theft or spoofing), then the integrity of the entire security mechanism can be violated with respect to the user that is identified by that factor.

Non-Repudiation: Hide Activities

It can become difficult or impossible for the product to be able to distinguish between legitimate activities by the entity who provided the factor, versus illegitimate activities by an attacker.

 

Potential Mitigations

Phase: Architecture and Design

Description: 

Use multiple simultaneous checks before granting access to critical operations or granting critical privileges. A weaker but helpful mitigation is to use several successive checks (multiple layers of security).

Phase: Architecture and Design

Description: 

Use redundant access rules on different choke points (e.g., firewalls).

CVE References

CWE-653 – Improper Isolation or Compartmentalization

Read Time:53 Second

Description

The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.

When a weakness occurs in functionality that is accessible by lower-privileged users, then without strong boundaries, an attack might extend the scope of the damage to higher-privileged users.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-657
CWE-693

 

Consequences

Access Control: Gain Privileges or Assume Identity, Bypass Protection Mechanism

The exploitation of a weakness in low-privileged areas of the software can be leveraged to reach higher-privileged areas without having to overcome any additional obstacles.

 

Potential Mitigations

Phase: Architecture and Design

Description: 

Break up privileges between different modules, objects, or entities. Minimize the interfaces between modules and require strong access control between them.

CVE References

  • CVE-2019-6260
    • Baseboard Management Controller (BMC) device implements Advanced High-performance Bus (AHB) bridges that do not require authentication for arbitrary read and write access to the BMC’s physical address space from the host, and possibly the network [REF-1138].

CWE-652 – Improper Neutralization of Data within XQuery Expressions (‘XQuery Injection’)

Read Time:51 Second

Description

The software uses external input to dynamically construct an XQuery expression used to retrieve data from an XML database, but it does not neutralize or incorrectly neutralizes that input. This allows an attacker to control the structure of the query.

The net effect is that the attacker will have control over the information selected from the XML database and may use that ability to control application flow, modify logic, retrieve unauthorized data, or bypass important checks (e.g. authentication).

Modes of Introduction:

– Implementation

 

Likelihood of Exploit: High

 

Related Weaknesses

CWE-943
CWE-91

 

Consequences

Confidentiality: Read Application Data

An attacker might be able to read sensitive information from the XML database.

 

Potential Mitigations

Phase: Implementation

Description: 

Use parameterized queries. This will help ensure separation between data plane and control plane.

Phase: Implementation

Description: 

Properly validate user input. Reject data where appropriate, filter where appropriate and escape where appropriate. Make sure input that will be used in XQL queries is safe in that context.

CVE References

CWE-651 – Exposure of WSDL File Containing Sensitive Information

Read Time:55 Second

Description

The Web services architecture may require exposing a Web Service Definition Language (WSDL) file that contains information on the publicly accessible services and how callers of these services should interact with them (e.g. what parameters they expect and what types they return).

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-538

 

Consequences

Confidentiality: Read Application Data

The attacker may find sensitive information located in the WSDL file.

 

Potential Mitigations

Phase: Architecture and Design

Description: 

Limit access to the WSDL file as much as possible. If services are provided only to a limited number of entities, it may be better to provide WSDL privately to each of these entities than to publish WSDL publicly.

Phase: Architecture and Design

Description: 

Make sure that WSDL does not describe methods that should not be publicly accessible. Make sure to protect service methods that should not be publicly accessible with access controls.

Phase: Architecture and Design

Description: 

Do not use method names in WSDL that might help an adversary guess names of private methods/resources used by the service.

CVE References

CWE-650 – Trusting HTTP Permission Methods on the Server Side

Read Time:1 Minute, 36 Second

Description

The server contains a protection mechanism that assumes that any URI that is accessed using HTTP GET will not cause a state change to the associated resource. This might allow attackers to bypass intended access restrictions and conduct resource modification and deletion attacks, since some applications allow GET to modify state.

The HTTP GET method and some other methods are designed to retrieve resources and not to alter the state of the application or resources on the server side. Furthermore, the HTTP specification requires that GET requests (and other requests) should not have side effects. Believing that it will be enough to prevent unintended resource alterations, an application may disallow the HTTP requests to perform DELETE, PUT and POST operations on the resource representation. However, there is nothing in the HTTP protocol itself that actually prevents the HTTP GET method from performing more than just query of the data. Developers can easily code programs that accept a HTTP GET request that do in fact create, update or delete data on the server. For instance, it is a common practice with REST based Web Services to have HTTP GET requests modifying resources on the server side. However, whenever that happens, the access control needs to be properly enforced in the application. No assumptions should be made that only HTTP DELETE, PUT, POST, and other methods have the power to alter the representation of the resource being accessed in the request.

Modes of Introduction:

– Architecture and Design

 

Likelihood of Exploit: High

 

Related Weaknesses

CWE-436

 

Consequences

Access Control: Gain Privileges or Assume Identity

An attacker could escalate privileges.

Integrity: Modify Application Data

An attacker could modify resources.

Confidentiality: Read Application Data

An attacker could obtain sensitive information.

 

Potential Mitigations

Phase: System Configuration

Description: 

Configure ACLs on the server side to ensure that proper level of access control is defined for each accessible resource representation.

CVE References