Description
When the product encounters an error condition or failure, its design requires it to fall back to a state that is less secure than other options that are available, such as selecting the weakest encryption algorithm or using the most permissive access control restrictions.
By entering a less secure state, the product inherits the weaknesses associated with that state, making it easier to compromise. At the least, it causes administrators to have a false sense of security. This weakness typically occurs as a result of wanting to “fail functional” to minimize administration and support costs, instead of “failing safe.”
Modes of Introduction:
– Architecture and Design
Related Weaknesses
Consequences
Access Control: Bypass Protection Mechanism
Intended access restrictions can be bypassed, which is often contradictory to what the product’s administrator expects.
Potential Mitigations
Phase: Architecture and Design
Description:
Subdivide and allocate resources and components so that a failure in one part does not affect the entire product.
CVE References
- CVE-2007-5277
- The failure of connection attempts in a web browser resets DNS pin restrictions. An attacker can then bypass the same origin policy by rebinding a domain name to a different IP address. This was an attempt to “fail functional.”
- CVE-2006-4407
- Incorrect prioritization leads to the selection of a weaker cipher. Although it is not known whether this issue occurred in implementation or design, it is feasible that a poorly designed algorithm could be a factor.