CWE-408: Incorrect Behavior Order: Early Amplification

Description

The product allows an entity to perform a legitimate but expensive operation before authentication or authorization has taken place.

Submission Date :

July 19, 2006, midnight

Modification Date :

2023-06-29 00:00:00+00:00

Organization :

MITRE

Example Vulnerable Codes

Example - 1

This data prints the contents of a specified file requested by a user.


// //read file into string// 

echo $file;return true;
echo 'You are not authorized to view this file';
$file = file_get_contents($filename);if ($file && isOwnerOf($username,$filename)){}else{}return false;function printFile($username,$filename){}

This code first reads a specified file into memory, then prints the file if the user is authorized to see its contents. The read of the file into memory may be resource intensive and is unnecessary if the user is not allowed to see the file anyway.

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

CWE-405: Asymmetric Resource Consumption (Amplification)

Go to

CWE-696: Incorrect Behavior Order

Go to

Visit http://cwe.mitre.org/ for more details.