Description
The software performs a comparison between entities that must consider multiple factors or characteristics of each entity, but the comparison does not include one or more of these factors.
An incomplete comparison can lead to resultant weaknesses, e.g., by operating on the wrong object or making a security decision without considering a required factor.
Modes of Introduction:
– Implementation
Related Weaknesses
Consequences
Integrity, Access Control: Alter Execution Logic, Bypass Protection Mechanism
Potential Mitigations
Phase: Testing
Description:
Thoroughly test the comparison scheme before deploying code into production. Perform positive testing as well as negative testing.
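The positive and negative testing described above can be automated by changing one factor at a time and checking that the comparison notices. The following is an added example, not code from the original page; the `Principal` entity, its fields, and all function names are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, fields, replace

# Constructed entity: every field is a factor the access decision depends on.
@dataclass(frozen=True)
class Principal:
    tenant: str
    username: str
    role: str

def same_principal_incomplete(a: Principal, b: Principal) -> bool:
    # Weak form: tenant and role are never examined.
    return a.username == b.username

def same_principal_complete(a: Principal, b: Principal) -> bool:
    # Hardened form: compare every declared factor.
    return all(getattr(a, f.name) == getattr(b, f.name) for f in fields(a))

def missing_factors(compare, sample: Principal) -> list[str]:
    """Negative testing: change one factor at a time and report the
    factors whose change the comparison fails to notice."""
    # Positive test first: an entity must match an identical copy.
    if not compare(sample, replace(sample)):
        raise AssertionError("positive test failed: identical entities differ")
    missed = []
    for f in fields(sample):
        mutated = replace(sample, **{f.name: getattr(sample, f.name) + "-other"})
        if compare(sample, mutated):
            missed.append(f.name)
    return missed

if __name__ == "__main__":
    alice = Principal(tenant="acme", username="alice", role="admin")
    print("incomplete misses:", missing_factors(same_principal_incomplete, alice))
    print("complete misses:  ", missing_factors(same_principal_complete, alice))
```

A non-empty result from `missing_factors` names the factors the comparison ignores, which is the condition this weakness describes.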