CWE-510 – Trapdoor

Read Time:30 Second

Description

A trapdoor is a hidden piece of code that responds to a special input, allowing its user access to resources without passing through the normal security enforcement mechanism.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-506

 

Consequences

Confidentiality, Integrity, Availability, Access Control: Execute Unauthorized Code or Commands, Bypass Protection Mechanism

 

Potential Mitigations

Phase: Installation

Description: 

Always verify the integrity of the software that is being installed.

Phase: Testing

Description: 

Identify and closely inspect the conditions for entering privileged areas of the code, especially those related to authentication, process invocation, and network communications.

CVE References