Base · Draft

CWE-455: Non-exit on Failed Initialization

Category: other

Description

The product does not exit or otherwise modify its operation when security-relevant errors occur during initialization, such as when a configuration file has a format error or a hardware security module (HSM) cannot be activated, which can cause the product to execute in a less secure fashion than intended by the administrator.

Common consequences

  • Integrity / Other — Modify Application Data, Alter Execution Logic
    The application could be placed in an insecure state that may allow an attacker to modify sensitive data or allow unintended logic to be executed.

Potential mitigations

  • [Implementation] Follow the principle of failing securely when an error occurs. The system should enter a state where it is not vulnerable and will not display sensitive error messages to a potential attacker.
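
An added example (not part of the CWE entry) contrasting the weakness with the fail-secure mitigation for the two failure cases the description names: a configuration file with a format error and an HSM that cannot be activated. The policy keys, the fallback values, the sample strings and the `activate_hsm` callback are assumptions made for illustration.

```python
import json
import sys

class InitError(Exception):
    """A security-relevant initialization step failed."""

REQUIRED_KEYS = {"require_tls", "audit_log"}                # hypothetical policy keys
FALLBACK = {"require_tls": False, "audit_log": False}       # hypothetical built-in defaults
GOOD = '{"require_tls": true, "audit_log": true}'           # constructed sample
BROKEN = '{"require_tls": true, "audit_log": tru'           # constructed, truncated file

def parse_policy(text):
    """Parse and validate the policy; raise InitError on any format error."""
    try:
        policy = json.loads(text)
    except json.JSONDecodeError as exc:
        raise InitError(f"policy is not valid JSON: {exc.msg}") from exc
    if not isinstance(policy, dict) or not REQUIRED_KEYS.issubset(policy):
        raise InitError("policy is missing required keys")
    if not all(isinstance(policy[k], bool) for k in REQUIRED_KEYS):
        raise InitError("policy values must be booleans")
    return policy

def init_weak(text):
    """CWE-455 pattern: the error is swallowed and startup continues."""
    try:
        return parse_policy(text)
    except InitError:
        return dict(FALLBACK)  # less secure than the administrator intended

def init_fail_secure(text, activate_hsm):
    """Any initialization failure propagates; nothing falls back."""
    policy = parse_policy(text)
    if not activate_hsm():
        raise InitError("HSM could not be activated")
    return policy

def start_service(text, activate_hsm):
    """Return a process exit code: 0 only if initialization fully succeeded."""
    try:
        init_fail_secure(text, activate_hsm)
    except InitError:
        # Generic message only; parser detail stays out of user-facing output.
        print("startup aborted: initialization failed", file=sys.stderr)
        return 1
    return 0

if __name__ == "__main__":
    sys.exit(start_service(BROKEN, lambda: True))
```

With the truncated file, `init_weak` returns the fallback policy and the service would keep running with TLS enforcement and audit logging off, while `start_service` returns a non-zero exit code.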

References

  1. https://cwe.mitre.org/data/definitions/455.html

Related by meaning

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Missing Initialization of Resource
  • CWE: Missing Security-Relevant Feedback for Unexecuted Operations in Hardware Interface
  • CWE: Insecure Default Variable Initialization
  • CWE: Power-On of Untrusted Execution Core Before Enabling Fabric Access Control
  • CWE: Incorrect Initialization of Resource
  • CWE: Use of Default Cryptographic Key

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.