Tag Archives: CWE- 636

CWE-636 – Not Failing Securely (‘Failing Open’)

Read Time:1 Minute, 14 Second

Description

When the product encounters an error condition or failure, its design requires it to fall back to a state that is less secure than other options that are available, such as selecting the weakest encryption algorithm or using the most permissive access control restrictions.

By entering a less secure state, the product inherits the weaknesses associated with that state, making it easier to compromise. At the least, it causes administrators to have a false sense of security. This weakness typically occurs as a result of wanting to “fail functional” to minimize administration and support costs, instead of “failing safe.”

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-657
CWE-755
CWE-280

 

Consequences

Access Control: Bypass Protection Mechanism

Intended access restrictions can be bypassed, which is often contradictory to what the product’s administrator expects.

 

Potential Mitigations

Phase: Architecture and Design

Description: 

Subdivide and allocate resources and components so that a failure in one part does not affect the entire product.

CVE References

  • CVE-2007-5277
    • The failure of connection attempts in a web browser resets DNS pin restrictions. An attacker can then bypass the same origin policy by rebinding a domain name to a different IP address. This was an attempt to “fail functional.”
  • CVE-2006-4407
    • Incorrect prioritization leads to the selection of a weaker cipher. Although it is not known whether this issue occurred in implementation or design, it is feasible that a poorly designed algorithm could be a factor.