CWE-187
Partial String Comparison
The product performs a comparison that only examines a portion of a factor before determining whether there is a match, such as a substring, leading to resultant weaknesses.
Status
incomplete
Abstraction
variant
Affected Platforms
Extended Description
For example, an attacker might succeed in authentication by providing a small password that matches the associated portion of the larger, correct password.
Technical Details
Common Consequences
integrity
access control
Impacts
alter execution logic
bypass protection mechanism
Potential Mitigations
Phases:
testing
Descriptions:
• Thoroughly test the comparison scheme before deploying code into production. Perform positive testing as well as negative testing.
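
The prefix-match case from the Extended Description, together with the positive and negative testing the mitigation calls for, as an added example that is not part of the CWE entry. The names check_partial, check_full and count_failures and the stored value are hypothetical, and the inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample value standing in for the stored secret. */
static const char STORED[] = "correct-horse-battery";

/* Weak: compares only strlen(supplied) bytes, so any prefix is accepted. */
int check_partial(const char *supplied)
{
    return strncmp(supplied, STORED, strlen(supplied)) == 0;
}

/* Corrected: lengths must be equal, then every byte is compared. Differences
 * are accumulated so run time does not depend on the mismatch position. */
int check_full(const char *supplied)
{
    size_t n = strlen(supplied);
    unsigned char diff = 0;
    if (n != sizeof STORED - 1)
        return 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(supplied[i] ^ STORED[i]);
    return diff == 0;
}

/* Positive and negative test cases (constructed inputs). */
static const struct { const char *input; int expect; } CASES[] = {
    { "correct-horse-battery",        1 }, /* positive: exact match */
    { "c",                            0 }, /* negative: one-byte prefix */
    { "correct-horse",                0 }, /* negative: longer prefix */
    { "",                             0 }, /* negative: empty input */
    { "correct-horse-battery-staple", 0 }, /* negative: extra suffix */
    { "Correct-horse-battery",        0 }, /* negative: one byte differs */
};

/* Counts the cases where a checker's answer differs from the expected one. */
int count_failures(int (*check)(const char *))
{
    int failures = 0;
    for (size_t i = 0; i < sizeof CASES / sizeof CASES[0]; i++)
        if (check(CASES[i].input) != CASES[i].expect)
            failures++;
    return failures;
}

int main(void)
{
    printf("wrong: partial=%d full=%d\n", count_failures(check_partial), count_failures(check_full));
    return 0;
}
```

A suite with only the positive case would pass both functions; the prefix and empty-input negatives are what separate them.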