Read Time:30 Second
Description
A trapdoor is a hidden piece of code that responds to a special input, allowing its user access to resources without passing through the normal security enforcement mechanism.
Modes of Introduction:
– Architecture and Design
Related Weaknesses
Consequences
Confidentiality, Integrity, Availability, Access Control: Execute Unauthorized Code or Commands, Bypass Protection Mechanism
Potential Mitigations
Phase: Installation
Description:
Always verify the integrity of the software that is being installed.
Phase: Testing
Description:
Identify and closely inspect the conditions for entering privileged areas of the code, especially those related to authentication, process invocation, and network communications.