Tag Archives: CWE- 511

CWE-511 – Logic/Time Bomb

Read Time:41 Second

Description

The software contains code that is designed to disrupt the legitimate operation of the software (or its environment) when a certain time passes, or when a certain logical condition is met.

When the time bomb or logic bomb is detonated, it may perform a denial of service such as crashing the system, deleting critical data, or degrading system response time. This bomb might be placed within either a replicating or non-replicating Trojan horse.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-506

 

Consequences

Other, Integrity: Varies by Context, Alter Execution Logic

 

Potential Mitigations

Phase: Installation

Description: 

Always verify the integrity of the software that is being installed.

Phase: Testing

Description: 

Conduct a code coverage analysis using live testing, then closely inspect any code that is not covered.

CVE References