Tag Archives: CWE- 224

CWE-224 – Obscured Security-relevant Information by Alternate Name

Read Time:21 Second

Description

The software records security-relevant information according to an alternate name of the affected entity, instead of the canonical name.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-221

 

Consequences

Non-Repudiation, Access Control: Hide Activities, Gain Privileges or Assume Identity

 

Potential Mitigations

CVE References

  • CVE-2002-0725
    • Attacker performs malicious actions on a hard link to a file, obscuring the real target file.