Description

When the product encounters an error condition or failure, its design requires it to fall back to a state that is less secure than other options that are available, such as selecting the weakest encryption algorithm or using the most permissive access control restrictions.

By entering a less secure state, the product inherits the weaknesses associated with that state, making it easier to compromise. At the least, it causes administrators to have a false sense of security. This weakness typically occurs as a result of wanting to “fail functional” to minimize administration and support costs, instead of “failing safe.”

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-657
CWE-755
CWE-280

Consequences

Access Control: Bypass Protection Mechanism

Intended access restrictions can be bypassed, which is often contradictory to what the product’s administrator expects.

Potential Mitigations

Phase: Architecture and Design

Description: 

Subdivide and allocate resources and components so that a failure in one part does not affect the entire product.

CVE References

• CVE-2007-5277
  • The failure of connection attempts in a web browser resets DNS pin restrictions. An attacker can then bypass the same origin policy by rebinding a domain name to a different IP address. This was an attempt to “fail functional.”

• CVE-2006-4407
  • Incorrect prioritization leads to the selection of a weaker cipher. Although it is not known whether this issue occurred in implementation or design, it is feasible that a poorly designed algorithm could be a factor.