CWE-408 – Incorrect Behavior Order: Early Amplification

Description

The software allows an entity to perform a legitimate but expensive operation before authentication or authorization has taken place.
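The ordering problem described above, shown as an added example that is not part of the original entry. It uses directory creation as the expensive step, following the CVE listed on this page; the handler names, the token store and the credentials are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

# Constructed credential store: user -> SHA-256 of a constructed token.
TOKENS = {"alice": hashlib.sha256(b"constructed-token").hexdigest()}


def authenticated(user: str, token: str) -> bool:
    """Cheap, constant-time credential check."""
    expected = TOKENS.get(user, "")
    supplied = hashlib.sha256(token.encode()).hexdigest()
    return hmac.compare_digest(expected, supplied)


def allocate_workspace(root: str) -> str:
    """The expensive step: allocates persistent state (a directory) per request."""
    return tempfile.mkdtemp(prefix="session-", dir=root)


def handle_early(root: str, user: str, token: str):
    """Weak ordering: resources are allocated before the caller is known."""
    workdir = allocate_workspace(root)
    if not authenticated(user, token):
        return None  # rejected, but the directory already exists
    return workdir


def handle_ordered(root: str, user: str, token: str):
    """Corrected ordering: authenticate first, allocate only on success."""
    if not authenticated(user, token):
        return None
    return allocate_workspace(root)


def leaked_dirs(handler, attempts: int = 25) -> int:
    """Count directories left behind by `attempts` unauthenticated requests."""
    with tempfile.TemporaryDirectory() as root:
        for i in range(attempts):
            handler(root, f"user{i}", "wrong")
        return len(os.listdir(root))


if __name__ == "__main__":
    print("early ordering leaves:", leaked_dirs(handle_early))
    print("corrected ordering leaves:", leaked_dirs(handle_ordered))
```

Counting the state left behind by rejected requests, as `leaked_dirs` does, is also a usable regression check for this weakness in a test suite.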

Modes of Introduction

– Architecture and Design

Related Weaknesses

CWE-405
CWE-696

Consequences

Availability: DoS: Amplification, DoS: Crash, Exit, or Restart, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory)

System resources such as CPU and memory can be quickly consumed, which can lead to poor system performance or a system crash.

Potential Mitigations

CVE References

  • CVE-2004-2458
    • Tool creates directories before authenticating user.