CWE-693: Protection Mechanism Failure

Description

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

Submission Date: April 11, 2008, midnight

Modification Date: 2023-06-29 00:00:00+00:00

Organization: MITRE

Extended Description

This weakness covers three distinct situations. A "missing" protection mechanism occurs when the application does not define any mechanism against a certain class of attack. An "insufficient" protection mechanism might provide some defenses - for example, against the most common attacks - but it does not protect against everything that is intended. Finally, an "ignored" mechanism occurs when a mechanism is available and in active use within the product, but the developer has not applied it in some code path.

Related Weaknesses

This table shows the weaknesses and high-level categories that are related to this weakness. These relationships give insight into similar items that may exist at higher and lower levels of abstraction.

CWE-182: Collapse of Data into Unsafe Value
CWE-184: Incomplete List of Disallowed Inputs
CWE-311: Missing Encryption of Sensitive Data
CWE-326: Inadequate Encryption Strength
CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CWE-330: Use of Insufficiently Random Values
CWE-345: Insufficient Verification of Data Authenticity
CWE-357: Insufficient UI Warning of Dangerous Operations
CWE-358: Improperly Implemented Security Check for Standard
CWE-424: Improper Protection of Alternate Path
CWE-602: Client-Side Enforcement of Server-Side Security
CWE-653: Improper Isolation or Compartmentalization
CWE-654: Reliance on a Single Factor in a Security Decision
CWE-655: Insufficient Psychological Acceptability
CWE-656: Reliance on Security Through Obscurity
CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
CWE-778: Insufficient Logging
CWE-807: Reliance on Untrusted Inputs in a Security Decision
CWE-1039: Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations
CWE-1248: Semiconductor Defects in Hardware Logic with Security-Sensitive Implications
CWE-1253: Incorrect Selection of Fuse Values
CWE-1269: Product Released in Non-Release Configuration
CWE-1278: Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques
CWE-1291: Public Key Re-Use for Signing both Debug and Production Code
CWE-1318: Missing Support for Security Features in On-chip Fabrics or Buses
CWE-1319: Improper Protection against Electromagnetic Fault Injection (EM-FI)
CWE-1326: Missing Immutable Root of Trust in Hardware
CWE-1338: Improper Protections Against Hardware Overheating

Visit http://cwe.mitre.org/ for more details.