CWE-405 – Asymmetric Resource Consumption (Amplification)


Description

Software that does not appropriately monitor or control resource consumption can lead to adverse system performance.

This situation is amplified if the software allows malicious users or attackers to consume more resources than their access level permits. Exploiting such a weakness can lead to asymmetric resource consumption, aiding in amplification attacks against the system or the network.

Modes of Introduction:

– Operation

 

 

Related Weaknesses

CWE-664

 

Consequences

Availability: DoS: Amplification, DoS: Resource Consumption (Other)

Sometimes this is a factor in “flood” attacks, but other types of amplification exist.

 

Potential Mitigations

Phase: Architecture and Design

Description: 

An application must make resources available to a client commensurate with the client’s access level.

Phase: Architecture and Design

Description: 

An application must, at all times, keep track of allocated resources and meter their usage appropriately.
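The two mitigations above can be combined in one admission check. The following is an added example, not part of the CWE entry: a per-client meter that tracks allocated resources, caps them by access level, and rejects requests whose server-side cost is disproportionate to what the client sent. The names `BUDGETS`, `ResourceMeter` and `QuotaExceeded`, the tier names and all numeric limits are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed budgets per access level: total server-side cost a client may
# hold at once, and the largest allowed cost-to-request ratio (amplification).
BUDGETS = {
    "anonymous": {"max_outstanding": 1_000, "max_ratio": 2},
    "user": {"max_outstanding": 100_000, "max_ratio": 20},
    "admin": {"max_outstanding": 10_000_000, "max_ratio": 200},
}


class QuotaExceeded(Exception):
    """Raised when a request would exceed the client's budget."""


class ResourceMeter:
    def __init__(self):
        self._in_use = defaultdict(int)  # client_id -> cost currently allocated

    def acquire(self, client_id, level, request_bytes, cost):
        """Reserve `cost` units for a request; return the remaining budget."""
        # Unknown access levels fail closed to the most restrictive tier.
        budget = BUDGETS.get(level, BUDGETS["anonymous"])
        if request_bytes <= 0 or cost < 0:
            raise QuotaExceeded("malformed request size or cost")
        # Asymmetry check: a small request must not trigger outsized work.
        if cost > budget["max_ratio"] * request_bytes:
            raise QuotaExceeded("cost/request ratio above limit for " + level)
        # Metering check: total allocation stays within the tier's ceiling.
        if self._in_use[client_id] + cost > budget["max_outstanding"]:
            raise QuotaExceeded("outstanding allocation above limit")
        self._in_use[client_id] += cost
        return budget["max_outstanding"] - self._in_use[client_id]

    def release(self, client_id, cost):
        """Return resources when the work completes; never go below zero."""
        self._in_use[client_id] = max(0, self._in_use[client_id] - cost)
        return self._in_use[client_id]

    def in_use(self, client_id):
        return self._in_use.get(client_id, 0)
```

Call `acquire` before doing the work and `release` in a `finally` block afterwards, so that failed requests do not leak their allocation.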

CVE References