CWE-693: Protection Mechanism Failure
Description
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
Submission Date: April 11, 2008, midnight
Modification Date: 2023-06-29 00:00:00+00:00
Organization: MITRE
Extended Description
This weakness covers three distinct situations. A "missing" protection mechanism occurs when the application does not define any mechanism against a certain class of attack. An "insufficient" protection mechanism might provide some defenses - for example, against the most common attacks - but it does not protect against everything that is intended. Finally, an "ignored" mechanism occurs when a mechanism is available and in active use within the product, but the developer has not applied it in some code path.
Related Weaknesses
The list below shows the weaknesses and high-level categories that are related to this weakness. These relationships give an overview of similar items that may exist at higher and lower levels of abstraction.
CWE-182: Collapse of Data into Unsafe Value
CWE-184: Incomplete List of Disallowed Inputs
CWE-311: Missing Encryption of Sensitive Data
CWE-326: Inadequate Encryption Strength
CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CWE-330: Use of Insufficiently Random Values
CWE-345: Insufficient Verification of Data Authenticity
CWE-357: Insufficient UI Warning of Dangerous Operations
CWE-358: Improperly Implemented Security Check for Standard
CWE-424: Improper Protection of Alternate Path
CWE-602: Client-Side Enforcement of Server-Side Security
CWE-653: Improper Isolation or Compartmentalization
CWE-654: Reliance on a Single Factor in a Security Decision
CWE-655: Insufficient Psychological Acceptability
CWE-656: Reliance on Security Through Obscurity
CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
CWE-778: Insufficient Logging
CWE-807: Reliance on Untrusted Inputs in a Security Decision
CWE-1039: Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations
CWE-1248: Semiconductor Defects in Hardware Logic with Security-Sensitive Implications
CWE-1253: Incorrect Selection of Fuse Values
CWE-1269: Product Released in Non-Release Configuration
CWE-1278: Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques
CWE-1291: Public Key Re-Use for Signing both Debug and Production Code
CWE-1318: Missing Support for Security Features in On-chip Fabrics or Buses
CWE-1319: Improper Protection against Electromagnetic Fault Injection (EM-FI)
CWE-1326: Missing Immutable Root of Trust in Hardware
CWE-1338: Improper Protections Against Hardware Overheating
Visit http://cwe.mitre.org/ for more details.