Tag Archives: CWE- 187

CWE-187 – Partial String Comparison

Read Time:1 Minute, 5 Second

Description

The software performs a comparison that only examines a portion of a factor before determining whether there is a match, such as a substring, leading to resultant weaknesses.

For example, an attacker might succeed in authentication by providing a small password that matches the associated portion of the larger, correct password.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-1023

 

Consequences

Integrity, Access Control: Alter Execution Logic, Bypass Protection Mechanism

 

Potential Mitigations

Phase: Testing

Description: 

Thoroughly test the comparison scheme before deploying code into production. Perform positive testing as well as negative testing.

CVE References

  • CVE-2014-6394
    • Product does not prevent access to restricted directories due to partial string comparison with a public directory
  • CVE-2004-1012
    • Argument parser of an IMAP server treats a partial command “body[p” as if it is “body.peek”, leading to index error and out-of-bounds corruption.
  • CVE-2004-0765
    • Web browser only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates.
  • CVE-2002-1374
    • One-character password by attacker checks only against first character of real password.
  • CVE-2000-0979
    • One-character password by attacker checks only against first character of real password.