Tag Archives: CWE- 1023

CWE-1023 – Incomplete Comparison with Missing Factors

Read Time:31 Second

Description

The software performs a comparison between entities that must consider multiple factors or characteristics of each entity, but the comparison does not include one or more of these factors.

An incomplete comparison can lead to resultant weaknesses, e.g., by operating on the wrong object or making a security decision without considering a required factor.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-697

 

Consequences

Integrity, Access Control: Alter Execution Logic, Bypass Protection Mechanism

 

Potential Mitigations

Phase: Testing

Description: 

Thoroughly test the comparison scheme before deploying code into production. Perform positive testing as well as negative testing.

CVE References