CWE-408: Incorrect Behavior Order: Early Amplification
Description
The product allows an entity to perform a legitimate but expensive operation before authentication or authorization has taken place.
Submission Date :
July 19, 2006, midnight
Modification Date :
2023-06-29 00:00:00+00:00
Organization :
MITRE
Example - 1
This data prints the contents of a specified file requested by a user. This code first reads a specified file into memory, then prints the file if the user is authorized to see its contents. The read of the file into memory may be resource intensive and is unnecessary if the user is not allowed to see the file anyway.
// //read file into string//
echo $file;return true;
echo 'You are not authorized to view this file';
$file = file_get_contents($filename);if ($file && isOwnerOf($username,$filename)){}else{}return false;function printFile($username,$filename){}
Related Weaknesses
This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.
Visit http://cwe.mitre.org/ for more details.