Base Draft

CWE-1254: Incorrect Comparison Logic Granularity

Category: other

Description

The product's comparison logic is performed over a series of steps rather than across the entire string in one operation. If there is a comparison logic failure on one of these steps, the operation may be vulnerable to a timing attack that can result in the interception of the process for nefarious purposes.

Common consequences · 1

  • Confidentiality / Authorization — Bypass Protection Mechanism

Potential mitigations · 1

  • [Implementation]

Related CAPEC attack patterns · 1

CAPEC-26

References

  1. https://cwe.mitre.org/data/definitions/1254.html

Exploits (incoming) · 1

Type | Target | Confidence | Tier
AttackPattern | Leveraging Race Conditions (capec-26) | 100% | live

(incoming) · 2

Type | Target | Confidence | Tier
Vulnerability | CVE-2026-34570 (cve-2026-34570) | 0% | live
Vulnerability | CVE-2026-34572 (cve-2026-34572) | 0% | live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Misinterpretation of Input
  • CWE: Improperly Implemented Security Check for Standard
  • CWE: Use of Insufficiently Random Values
  • CWE: Use of Weak Hash
  • CWE: Incorrect Behavior Order: Early Validation
  • CWE: Missing Critical Step in Authentication

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.