Category Archives: CWE

Advisories, CWE, Education

Understanding and Mitigating the CVE-2022-41741 Vulnerability in NGINX

Read Time:1 Minute, 48 Second

NGINX, a widely-used open-source web server, has recently been affected by a critical vulnerability – CVE-2022-41741. The vulnerability is specific to NGINX’s module, ngx_http_mp4_module, and can be exploited by a local attacker to corrupt NGINX worker memory resulting in its termination. In this article, we will explain the details of the CVE-2022-41741 vulnerability and provide guidance on how to mitigate the risk.

What is CVE-2022-41741?

CVE-2022-41741 is a vulnerability in NGINX’s module, ngx_http_mp4_module. The vulnerability allows a local attacker to corrupt NGINX worker memory, which can cause its termination or other potential impact, using a specially crafted audio or video file. The attack can be executed only when the mp4 directive is used in the configuration file of NGINX products built with the ngx_http_mp4_module.

What does CVE-2022-41741 affect?

The CVE-2022-41741 vulnerability in NGINX can have a significant impact on the security and stability of the web server. If exploited, the vulnerability can cause NGINX to crash, resulting in downtime and a loss of availability. Furthermore, attackers can also gain access to sensitive information stored in the system by exploiting the vulnerability.

How can you protect yourself from CVE-2022-41741?

To mitigate the risk of CVE-2022-41741, users of NGINX products built with the ngx_http_mp4_module should update their software to the latest version. NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 are all vulnerable to this CVE-2022-41741 vulnerability. Therefore, updating to the latest version will address the vulnerability and prevent attackers from exploiting it.

In summary, the CVE-2022-41741 vulnerability in NGINX’s module, ngx_http_mp4_module, can have severe consequences if exploited. However, updating to the latest version of NGINX will mitigate the risk and prevent attackers from exploiting this vulnerability. Therefore, it is essential to ensure that the web server is updated as soon as possible to avoid any potential security risks.

CWE, Education

CWE

Read Time:1 Minute, 11 Second

CWE (Common Weakness Enumeration) is a list of common types of hardware and software defects that have security implications. The CWE list can be used as a framework to describe and communicate such vulnerabilities in terms of CWEs.

The goal is to support all those methods (including automatic ones) to control and prevent software errors. It can be used at the development stage, during the Code Review activity, and later on during the penetration test activity to classify and communicate the vulnerability type to developers. The system is at version 4.7 and contains over 600 categories of weaknesses and vulnerabilities

The CWE Top 25 Most Dangerous Software Weakness List is a list of the most common programming errors that can lead to software vulnerabilities. Vulnerabilities present in the CWE Top 25 are usually easy to detect and exploit. For example, the CWE-79 is related to Cross-Site Scripting while the CWE-89 to SQL Injection. A similar project is Top Ten Owasp (Open Web Application Security Project). Compared to the CWE Top 25, the Top Ten OWASP focuses solely on vulnerabilities of web applications.
The CWE Most Important Hardware Weakness List serves the same purpose, but it focuses on hardware defects.

Please check our post about Vulnerability Analysis to learn more about CWE usage.

Please find a list of all the CWE below or use the search box above to find a specific CWE.

  • CWE-400 – Uncontrolled Resource Consumption

    PRIVACY PRIVACY Description The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources. Modes of Introduction: – Operation   Likelihood of Exploit: High   Related Weaknesses CWE-664   Consequences Availability: DoS: Crash,…

  • CWE-356 – Product UI does not Warn User of Unsafe Actions

    PRIVACY PRIVACY Description The software’s user interface does not warn the user before undertaking an unsafe action on behalf of that user. This makes it easier for attackers to trick users into inflicting damage to their system. Software systems should warn users that a potentially dangerous action may occur if the user proceeds. For example,…

  • CWE-357 – Insufficient UI Warning of Dangerous Operations

    PRIVACY PRIVACY Description The user interface provides a warning to a user regarding dangerous or sensitive operations, but the warning is not noticeable enough to warrant attention. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-693   Consequences Non-Repudiation: Hide Activities   Potential Mitigations CVE References CVE-2007-1099 User not sufficiently warned if…

  • CWE-358 – Improperly Implemented Security Check for Standard

    PRIVACY PRIVACY Description The software does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-573 CWE-693 CWE-345 CWE-290   Consequences Access Control: Bypass Protection Mechanism   Potential Mitigations CVE References…

  • CWE-359 – Exposure of Private Personal Information to an Unauthorized Actor

    PRIVACY PRIVACY Description The product does not properly prevent a person’s private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected. Modes of Introduction: – Architecture and Design  …

  • CWE-36 – Absolute Path Traversal

    PRIVACY PRIVACY Description The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as “/abs/path” that can resolve to a location that is outside of that directory. This allows attackers to traverse the file system to access files or…

  • CWE-360 – Trust of System Event Data

    PRIVACY PRIVACY Description Security based on event locations are insecure and can be spoofed. Events are a messaging system which may provide control data to programs listening for events. Events often do not have any type of authentication framework to allow them to be verified from a trusted source. Any application, in Windows, on a…

  • CWE-362 – Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)

    PRIVACY PRIVACY Description The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently. Modes of Introduction: – Architecture and…

  • CWE-363 – Race Condition Enabling Link Following

    PRIVACY PRIVACY Description The software checks the status of a file or directory before accessing it, which produces a race condition in which the file can be replaced with a link before the access is performed, causing the software to access the wrong file. While developers might expect that there is a very narrow time…

  • CWE-364 – Signal Handler Race Condition

    PRIVACY PRIVACY Description The software uses a signal handler that introduces a race condition. Modes of Introduction: – Architecture and Design   Likelihood of Exploit: Medium   Related Weaknesses CWE-362 CWE-415 CWE-416 CWE-123   Consequences Integrity, Confidentiality, Availability: Modify Application Data, Modify Memory, DoS: Crash, Exit, or Restart, Execute Unauthorized Code or Commands It may…

  • CWE-365 – DEPRECATED: Race Condition in Switch

    PRIVACY PRIVACY Description This entry has been deprecated. There are no documented cases in which a switch’s control expression is evaluated more than once. It is likely that this entry was initially created based on a misinterpretation of the original source material. The original source intended to explain how switches could be unpredictable when using…

  • CWE-366 – Race Condition within a Thread

    PRIVACY PRIVACY Description If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined. Modes of Introduction: – Architecture and Design   Likelihood of Exploit: Medium   Related Weaknesses CWE-362 CWE-662 CWE-662   Consequences Integrity, Other: Alter Execution…

  • CWE-367 – Time-of-check Time-of-use (TOCTOU) Race Condition

    PRIVACY PRIVACY Description The software checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check. This can cause the software to perform invalid actions when the resource is in an unexpected state. This…

  • CWE-368 – Context Switching Race Condition

    PRIVACY PRIVACY Description A product performs a series of non-atomic actions to switch between contexts that cross privilege or other security boundaries, but a race condition allows an attacker to modify or misrepresent the product’s behavior during the switch. This is commonly seen in web browser vulnerabilities in which the attacker can perform certain actions…

  • CWE-369 – Divide By Zero

    PRIVACY PRIVACY Description The product divides a value by zero. This weakness typically occurs when an unexpected value is provided to the product, or if an error occurs that is not properly detected. It frequently occurs in calculations involving physical dimensions such as size, length, width, and height. Modes of Introduction: – Implementation   Likelihood…

  • CWE-37 – Path Traversal: ‘/absolute/pathname/here’

    PRIVACY PRIVACY Description A software system that accepts input in the form of a slash absolute path (‘/absolute/pathname/here’) without appropriate validation can allow an attacker to traverse the file system to unintended locations or access arbitrary files. Modes of Introduction: – Implementation     Related Weaknesses CWE-36 CWE-160   Consequences Confidentiality, Integrity: Read Files or…

  • CWE-370 – Missing Check for Certificate Revocation after Initial Check

    PRIVACY PRIVACY Description The software does not check the revocation status of a certificate after its initial revocation check, which can cause the software to perform privileged actions even after the certificate is revoked at a later time. If the revocation status of a certificate is not checked before each action that requires privileges, the…

  • CWE-372 – Incomplete Internal State Distinction

    PRIVACY PRIVACY Description The software does not properly determine which state it is in, causing it to assume it is in state X when in fact it is in state Y, causing it to perform incorrect operations in a security-relevant manner. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-664   Consequences…

  • CWE-373 – DEPRECATED: State Synchronization Error

    PRIVACY PRIVACY Description This entry was deprecated because it overlapped the same concepts as race condition (CWE-362) and Improper Synchronization (CWE-662). Modes of Introduction:     Related Weaknesses   Consequences   Potential Mitigations CVE References

  • CWE-374 – Passing Mutable Objects to an Untrusted Method

    PRIVACY PRIVACY Description The program sends non-cloned mutable data as an argument to a method or function. The function or method that has been called can alter or delete the mutable data. This could violate assumptions that the calling function has made about its state. In situations where unknown code is called with references to…

  • CWE-375 – Returning a Mutable Object to an Untrusted Caller

    PRIVACY PRIVACY Description Sending non-cloned mutable data as a return value may result in that data being altered or deleted by the calling function. In situations where functions return references to mutable data, it is possible that the external code which called the function may make changes to the data sent. If this data was…

  • CWE-337 – Predictable Seed in Pseudo-Random Number Generator (PRNG)

    PRIVACY PRIVACY Description A Pseudo-Random Number Generator (PRNG) is initialized from a predictable seed, such as the process ID or system time. The use of predictable seeds significantly reduces the number of possible seeds that an attacker would need to test in order to predict which random numbers will be generated by the PRNG. Modes…

  • CWE-338 – Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

    PRIVACY PRIVACY Description The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG’s algorithm is not cryptographically strong. Modes of Introduction: – Architecture and Design   Likelihood of Exploit: Medium   Related Weaknesses CWE-330 CWE-330   Consequences Access Control: Bypass Protection Mechanism If a PRNG is used for authentication and…

  • CWE-339 – Small Seed Space in PRNG

    PRIVACY PRIVACY Description A Pseudo-Random Number Generator (PRNG) uses a relatively small seed space, which makes it more susceptible to brute force attacks. PRNGs are entirely deterministic once seeded, so it should be extremely difficult to guess the seed. If an attacker can collect the outputs of a PRNG and then brute force the seed…

  • CWE-34 – Path Traversal: ‘….//’

    PRIVACY PRIVACY Description The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize ‘….//’ (doubled dot dot slash) sequences that can resolve to a location that is outside of that directory. Modes of Introduction: – Implementation     Related Weaknesses CWE-23   Consequences…

  • CWE-340 – Generation of Predictable Numbers or Identifiers

    PRIVACY PRIVACY Description The product uses a scheme that generates numbers or identifiers that are more predictable than required. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-330   Consequences Other: Varies by Context   Potential Mitigations CVE References

  • CWE-341 – Predictable from Observable State

    PRIVACY PRIVACY Description A number or object is predictable based on observations that the attacker can make about the state of the system or network, such as time, process ID, etc. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-340   Consequences Other: Varies by Context This weakness could be exploited by…

  • CWE-342 – Predictable Exact Value from Previous Values

    PRIVACY PRIVACY Description An exact value or random number can be precisely predicted by observing previous values. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-340   Consequences Other: Varies by Context   Potential Mitigations Phase: Description:  Increase the entropy used to seed a PRNG. Phase: Architecture and Design, Requirements Description:  Use…

  • CWE-343 – Predictable Value Range from Previous Values

    PRIVACY PRIVACY Description The software’s random number generator produces a series of values which, when observed, can be used to infer a relatively small range of possibilities for the next value that could be generated. The output of a random number generator should not be predictable based on observations of previous values. In some cases,…

  • CWE-344 – Use of Invariant Value in Dynamically Changing Context

    PRIVACY PRIVACY Description The product uses a constant value, name, or reference, but this value can (or should) vary across different environments. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-330   Consequences Other: Varies by Context   Potential Mitigations CVE References CVE-2002-0980 Component for web browser writes an error message to…

  • CWE-345 – Insufficient Verification of Data Authenticity

    PRIVACY PRIVACY Description The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-693   Consequences Integrity, Other: Varies by Context, Unexpected State   Potential Mitigations CVE References

  • CWE-346 – Origin Validation Error

    PRIVACY PRIVACY Description The software does not properly verify that the source of data or communication is valid. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-345 CWE-345 CWE-284   Consequences Access Control, Other: Gain Privileges or Assume Identity, Varies by Context An attacker can access any functionality that is inadvertently accessible…

  • CWE-347 – Improper Verification of Cryptographic Signature

    PRIVACY PRIVACY Description The software does not verify, or incorrectly verifies, the cryptographic signature for data. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-345 CWE-345   Consequences Access Control, Integrity, Confidentiality: Gain Privileges or Assume Identity, Modify Application Data, Execute Unauthorized Code or Commands An attacker could gain access to sensitive…

  • CWE-348 – Use of Less Trusted Source

    PRIVACY PRIVACY Description The software has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resistant to attack. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-345   Consequences Access Control: Bypass Protection Mechanism, Gain…

  • CWE-349 – Acceptance of Extraneous Untrusted Data With Trusted Data

    PRIVACY PRIVACY Description The software, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-345   Consequences Access Control, Integrity: Bypass Protection Mechanism, Modify Application Data An attacker…

  • CWE-35 – Path Traversal: ‘…/…//’

    PRIVACY PRIVACY Description The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize ‘…/…//’ (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory. Modes of Introduction: – Implementation     Related Weaknesses CWE-23   Consequences…

  • CWE-350 – Reliance on Reverse DNS Resolution for a Security-Critical Action

    PRIVACY PRIVACY Description The software performs reverse DNS resolution on an IP address to obtain the hostname and make a security decision, but it does not properly ensure that the IP address is truly associated with the hostname. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-290 CWE-923 CWE-807 CWE-923   Consequences…

  • CWE-351 – Insufficient Type Distinction

    PRIVACY PRIVACY Description The software does not properly distinguish between different types of elements in a way that leads to insecure behavior. Modes of Introduction: – Implementation     Related Weaknesses CWE-345 CWE-436   Consequences Other: Other   Potential Mitigations CVE References CVE-2005-2260 Browser user interface does not distinguish between user-initiated and synthetic events. CVE-2005-2801…

  • CWE-352 – Cross-Site Request Forgery (CSRF)

    PRIVACY PRIVACY Description The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. When a web server is designed to receive a request from a client without any mechanism for verifying that it was intentionally sent, then it might…

  • CWE-353 – Missing Support for Integrity Check

    PRIVACY PRIVACY Description The software uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum. If integrity check values or “checksums” are omitted from a protocol, there is no way of determining if data has been corrupted in transmission. The lack of…

  • CWE-354 – Improper Validation of Integrity Check Value

    PRIVACY PRIVACY Description The software does not validate or incorrectly validates the integrity check values or “checksums” of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission. Improper validation of checksums before use results in an unnecessary risk that can easily be mitigated. The protocol specification…

  • CWE-318 – Cleartext Storage of Sensitive Information in Executable

    PRIVACY PRIVACY Description The application stores sensitive information in cleartext in an executable. Attackers can reverse engineer binary code to obtain secret data. This is especially easy when the cleartext is plain ASCII. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used,…

  • CWE-319 – Cleartext Transmission of Sensitive Information

    PRIVACY PRIVACY Description The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. Many communication channels can be “sniffed” by attackers during data transmission. For example, network traffic can often be sniffed by any attacker who has access to a network interface. This significantly lowers…

  • CWE-32 – Path Traversal: ‘…’ (Triple Dot)

    PRIVACY PRIVACY Description The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize ‘…’ (triple dot) sequences that can resolve to a location that is outside of that directory. Modes of Introduction: – Implementation     Related Weaknesses CWE-23   Consequences Confidentiality, Integrity:…

  • CWE-321 – Use of Hard-coded Cryptographic Key

    PRIVACY PRIVACY Description The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered. Modes of Introduction: – Architecture and Design   Likelihood of Exploit: High   Related Weaknesses CWE-798 CWE-798 CWE-798   Consequences Access Control: Bypass Protection Mechanism, Gain Privileges or Assume Identity If hard-coded cryptographic keys are…

  • CWE-322 – Key Exchange without Entity Authentication

    PRIVACY PRIVACY Description The software performs a key exchange with an actor without verifying the identity of that actor. Performing a key exchange will preserve the integrity of the information sent between two entities, but this will not guarantee that the entities are who they claim they are. This may enable an attacker to impersonate…

  • CWE-323 – Reusing a Nonce, Key Pair in Encryption

    PRIVACY PRIVACY Description Nonces should be used for the present occasion and only once. Nonces are often bundled with a key in a communication exchange to produce a new session key for each exchange. Modes of Introduction: – Architecture and Design   Likelihood of Exploit: High   Related Weaknesses CWE-344   Consequences Access Control: Bypass…

  • CWE-324 – Use of a Key Past its Expiration Date

    PRIVACY PRIVACY Description The product uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key. While the expiration of keys does not necessarily ensure that they are compromised, it is a significant concern that keys which remain in use…

  • CWE-325 – Missing Cryptographic Step

    PRIVACY PRIVACY Description The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm. Modes of Introduction: – Implementation     Related Weaknesses CWE-573 CWE-358   Consequences Access Control: Bypass Protection Mechanism Confidentiality, Integrity: Read Application Data, Modify Application Data Accountability, Non-Repudiation: Hide Activities  …

  • CWE-326 – Inadequate Encryption Strength

    PRIVACY PRIVACY Description The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required. A weak encryption scheme can be subjected to brute force attacks that have a reasonable chance of succeeding using current attack methods and resources. Modes of…

  • CWE-327 – Use of a Broken or Risky Cryptographic Algorithm

    PRIVACY PRIVACY Description The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information. The use of a non-standard algorithm is dangerous because a determined attacker may be able to break the algorithm and compromise whatever data has been protected. Well-known techniques may exist…

  • CWE-328 – Use of Weak Hash

    PRIVACY PRIVACY Description The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to…

  • CWE-329 – Generation of Predictable IV with CBC Mode

    PRIVACY PRIVACY Description The product generates and uses a predictable initialization Vector (IV) with Cipher Block Chaining (CBC) Mode, which causes algorithms to be susceptible to dictionary attacks when they are encrypted under the same key. Modes of Introduction: – Architecture and Design   Likelihood of Exploit: Medium   Related Weaknesses CWE-1204 CWE-573   Consequences…

  • CWE-33 – Path Traversal: ‘….’ (Multiple Dot)

    PRIVACY PRIVACY Description The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize ‘….’ (multiple dot) sequences that can resolve to a location that is outside of that directory. Modes of Introduction: – Implementation     Related Weaknesses CWE-23   Consequences Confidentiality, Integrity:…

  • CWE-330 – Use of Insufficiently Random Values

    PRIVACY PRIVACY Description The software uses insufficiently random numbers or values in a security context that depends on unpredictable numbers. When software generates predictable values in a context requiring unpredictability, it may be possible for an attacker to guess the next value that will be generated, and use this guess to impersonate another user or…

  • CWE-331 – Insufficient Entropy

    PRIVACY PRIVACY Description The software uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-330 CWE-330   Consequences Access Control, Other: Bypass Protection Mechanism, Other An attacker could guess the…

  • CWE-332 – Insufficient Entropy in PRNG

    PRIVACY PRIVACY Description The lack of entropy available for, or used by, a Pseudo-Random Number Generator (PRNG) can be a stability and security threat. Modes of Introduction: – Architecture and Design   Likelihood of Exploit: Medium   Related Weaknesses CWE-331   Consequences Availability: DoS: Crash, Exit, or Restart If a pseudo-random number generator is using…

  • CWE-333 – Improper Handling of Insufficient Entropy in TRNG

    PRIVACY PRIVACY Description True random number generators (TRNG) generally have a limited source of entropy and therefore can fail or block. The rate at which true random numbers can be generated is limited. It is important that one uses them only when they are needed for security. Modes of Introduction: – Architecture and Design  …

  • CWE-334 – Small Space of Random Values

    PRIVACY PRIVACY Description The number of possible random values is smaller than needed by the product, making it more susceptible to brute force attacks. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-330   Consequences Access Control, Other: Bypass Protection Mechanism, Other An attacker could easily guess the values used. This could…

  • CWE-335 – Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

    PRIVACY PRIVACY Description The software uses a Pseudo-Random Number Generator (PRNG) but does not correctly manage seeds. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-330 CWE-330   Consequences Access Control, Other: Bypass Protection Mechanism, Other If a PRNG is used incorrectly, such as using the same seed for each initialization or…

  • CWE-336 – Same Seed in Pseudo-Random Number Generator (PRNG)

    PRIVACY PRIVACY Description A Pseudo-Random Number Generator (PRNG) uses the same seed each time the product is initialized. Given the deterministic nature of PRNGs, using the same seed for each initialization will lead to the same output in the same order. If an attacker can guess (or knows) the seed, then the attacker may be…

  • CWE-299 – Improper Check for Certificate Revocation

    PRIVACY PRIVACY Description The software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a certificate that has been compromised. An improper check for certificate revocation is a far more serious flaw than related certificate failures. This is because the use of any revoked certificate is…

  • CWE-30 – Path Traversal: ‘dir..filename’

    PRIVACY PRIVACY Description The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize ‘dir..filename’ (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory. Modes of Introduction: – Implementation     Related Weaknesses CWE-23   Consequences…

  • CWE-300 – Channel Accessible by Non-Endpoint

    PRIVACY PRIVACY Description The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint. In order to establish secure…

  • CWE-301 – Reflection Attack in an Authentication Protocol

    PRIVACY PRIVACY Description Simple authentication protocols are subject to reflection attacks if a malicious user can use the target machine to impersonate a trusted user. Modes of Introduction: – Architecture and Design   Likelihood of Exploit: Medium   Related Weaknesses CWE-287 CWE-327   Consequences Access Control: Gain Privileges or Assume Identity The primary result of…

  • CWE-302 – Authentication Bypass by Assumed-Immutable Data

    PRIVACY PRIVACY Description The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-287 CWE-807   Consequences Access Control: Bypass Protection Mechanism   Potential Mitigations Phase: Architecture and Design, Operation,…

  • CWE-303 – Incorrect Implementation of Authentication Algorithm

    PRIVACY PRIVACY Description The requirements for the software dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect. This incorrect implementation may allow authentication to be bypassed. Modes of Introduction: – Implementation     Related Weaknesses CWE-287   Consequences Access Control: Bypass Protection Mechanism   Potential Mitigations CVE References…

  • CWE-304 – Missing Critical Step in Authentication

    PRIVACY PRIVACY Description The software implements an authentication technique, but it skips a step that weakens the technique. Authentication techniques should follow the algorithms that define them exactly, otherwise authentication can be bypassed or more easily subjected to brute force attacks. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-287 CWE-573  …

  • CWE-305 – Authentication Bypass by Primary Weakness

    PRIVACY PRIVACY Description The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-287   Consequences Access Control: Bypass Protection Mechanism   Potential Mitigations CVE References CVE-2002-1374 The…

  • CWE-306 – Missing Authentication for Critical Function

    PRIVACY PRIVACY Description The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Modes of Introduction: – Architecture and Design   Likelihood of Exploit: High   Related Weaknesses CWE-287 CWE-287   Consequences Access Control, Other: Gain Privileges or Assume Identity, Other Exposing critical…

  • CWE-307 – Improper Restriction of Excessive Authentication Attempts

    PRIVACY PRIVACY Description The software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more susceptible to brute force attacks. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-287 CWE-287 CWE-799   Consequences Access Control: Bypass Protection Mechanism An attacker could perform…

  • CWE-308 – Use of Single-factor Authentication

    PRIVACY PRIVACY Description The use of single-factor authentication can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme. While the use of multiple authentication schemes is simply piling on more complexity on top of authentication, it is inestimably valuable to have such measures of redundancy. The use of…

  • CWE-309 – Use of Password System for Primary Authentication

    PRIVACY PRIVACY Description The use of password systems as the primary means of authentication may be subject to several flaws or shortcomings, each reducing the effectiveness of the mechanism. Password systems are the simplest and most ubiquitous authentication mechanisms. However, they are subject to such well known attacks,and such frequent compromise that their use in…

  • CWE-31 – Path Traversal: ‘dir….filename’

    PRIVACY PRIVACY Description The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize ‘dir….filename’ (multiple internal backslash dot dot) sequences that can resolve to a location that is outside of that directory. Modes of Introduction: – Implementation     Related Weaknesses CWE-23  …

  • CWE-311 – Missing Encryption of Sensitive Data

    PRIVACY PRIVACY Description The software does not encrypt sensitive or critical information before storage or transmission. The lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountability that properly implemented encryption conveys. Modes of Introduction: – Architecture and Design   Likelihood of Exploit: High   Related Weaknesses CWE-693   Consequences Confidentiality:…

  • CWE-312 – Cleartext Storage of Sensitive Information

    PRIVACY PRIVACY Description The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere. Because the information is stored in cleartext, attackers could potentially read it. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used,…

  • CWE-313 – Cleartext Storage in a File or on Disk

    PRIVACY PRIVACY Description The application stores sensitive information in cleartext in a file, or on disk. The sensitive information could be read by attackers with access to the file, or with physical or administrator access to the raw disk. Even if the information is encoded in a way that is not human-readable, certain techniques could…

  • CWE-314 – Cleartext Storage in the Registry

    PRIVACY PRIVACY Description The application stores sensitive information in cleartext in the registry. Attackers can read the information by accessing the registry key. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information. Modes of Introduction: – Architecture and…

  • CWE-315 – Cleartext Storage of Sensitive Information in a Cookie

    PRIVACY PRIVACY Description The application stores sensitive information in cleartext in a cookie. Attackers can use widely-available tools to view the cookie and read the sensitive information. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information. Modes of…

  • CWE-316 – Cleartext Storage of Sensitive Information in Memory

    PRIVACY PRIVACY Description The application stores sensitive information in cleartext in memory. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-312   Consequences Confidentiality: Read Memory   Potential Mitigations CVE References CVE-2001-1517 Sensitive authentication information in cleartext in memory. BID:10155 Sensitive authentication information in cleartext in memory. CVE-2001-0984 Password protector leaves passwords…

  • CWE-317 – Cleartext Storage of Sensitive Information in GUI

    PRIVACY PRIVACY Description The application stores sensitive information in cleartext within the GUI. An attacker can often obtain data from a GUI, even if hidden, by using an API to directly access GUI objects such as windows and menus. Even if the information is encoded in a way that is not human-readable, certain techniques could…

  • CWE-280 – Improper Handling of Insufficient Permissions or Privileges

    PRIVACY PRIVACY Description The application does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the application in an invalid state. Modes of Introduction: – Architecture and Design     Related Weaknesses…

  • CWE-281 – Improper Preservation of Permissions

    PRIVACY PRIVACY Description The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-732 CWE-732   Consequences Confidentiality, Integrity: Read Application Data, Modify Application Data   Potential…

  • CWE-282 – Improper Ownership Management

    PRIVACY PRIVACY Description The software assigns the wrong ownership, or does not properly verify the ownership, of an object or resource. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-284   Consequences Access Control: Gain Privileges or Assume Identity   Potential Mitigations Phase: Architecture and Design, Operation Description:  Very carefully manage the…

  • CWE-283 – Unverified Ownership

    PRIVACY PRIVACY Description The software does not properly verify that a critical resource is owned by the proper entity. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-282   Consequences Access Control: Gain Privileges or Assume Identity An attacker could gain unauthorized access to system resources.   Potential Mitigations Phase: Architecture and…

  • CWE-284 – Improper Access Control

    PRIVACY PRIVACY Description The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Modes of Introduction: – Architecture and Design     Related Weaknesses   Consequences Other: Varies by Context   Potential Mitigations Phase: Architecture and Design, Operation Description:  Very carefully manage the setting, management, and handling of privileges.…

  • CWE-285 – Improper Authorization

    PRIVACY PRIVACY Description The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. An access control list (ACL) represents who/what has permissions to a given object. Different operating systems implement (ACLs) in different ways. In UNIX, there are three types of permissions:…

  • CWE-286 – Incorrect User Management

    PRIVACY PRIVACY Description The software does not properly manage a user within its environment. Users can be assigned to the wrong group (class) of permissions resulting in unintended access rights to sensitive objects. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-284   Consequences Other: Varies by Context   Potential Mitigations CVE…

  • CWE-287 – Improper Authentication

    PRIVACY PRIVACY Description When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. Modes of Introduction: – Architecture and Design   Likelihood of Exploit: High   Related Weaknesses CWE-284 CWE-284   Consequences Integrity, Confidentiality, Availability, Access Control: Read Application Data, Gain Privileges or…

  • CWE-288 – Authentication Bypass Using an Alternate Path or Channel

    PRIVACY PRIVACY Description A product requires authentication, but the product has an alternate path or channel that does not require authentication. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-287 CWE-284 CWE-420 CWE-425   Consequences Access Control: Bypass Protection Mechanism   Potential Mitigations Phase: Architecture and Design Description:  Funnel all access through…

  • CWE-289 – Authentication Bypass by Alternate Name

    PRIVACY PRIVACY Description The software performs authentication based on the name of a resource being accessed, or the name of the actor performing the access, but it does not properly check all possible names for that resource or actor. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-287   Consequences Access Control:…

  • CWE-29 – Path Traversal: ‘..filename’

    PRIVACY PRIVACY Description The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize ‘..filename’ (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory. Modes of Introduction: – Implementation     Related Weaknesses CWE-23   Consequences…

  • CWE-290 – Authentication Bypass by Spoofing

    PRIVACY PRIVACY Description This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-287 CWE-287   Consequences Access Control: Bypass Protection Mechanism, Gain Privileges or Assume Identity This weakness can allow an attacker to access resources which are…

  • CWE-291 – Reliance on IP Address for Authentication

    PRIVACY PRIVACY Description The software uses an IP address for authentication. IP addresses can be easily spoofed. Attackers can forge the source IP address of the packets they send, but response packets will return to the forged IP address. To see the response packets, the attacker has to sniff the traffic between the victim machine…

  • CWE-292 – DEPRECATED: Trusting Self-reported DNS Name

    PRIVACY PRIVACY Description This entry has been deprecated because it was a duplicate of CWE-350. All content has been transferred to CWE-350. Modes of Introduction:     Related Weaknesses   Consequences   Potential Mitigations CVE References

  • CWE-293 – Using Referer Field for Authentication

    PRIVACY PRIVACY Description The referer field in HTTP requests can be easily modified and, as such, is not a valid means of message integrity checking. The referer field in HTML requests can be simply modified by malicious users, rendering it useless as a means of checking the validity of the request in question. Modes of…

  • CWE-294 – Authentication Bypass by Capture-replay

    PRIVACY PRIVACY Description A capture-replay flaw exists when the design of the software makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes). Capture-replay attacks are common and can be difficult…

  • CWE-295 – Improper Certificate Validation

    PRIVACY PRIVACY Description The software does not validate, or incorrectly validates, a certificate. When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The software might connect to a malicious host while believing it is a trusted…

  • CWE-296 – Improper Following of a Certificate’s Chain of Trust

    PRIVACY PRIVACY Description The software does not follow, or incorrectly follows, the chain of trust for a certificate back to a trusted root certificate, resulting in incorrect trust of any resource that is associated with that certificate. Modes of Introduction: – Architecture and Design   Likelihood of Exploit: Low   Related Weaknesses CWE-295 CWE-573  …