CWE-405

Asymmetric Resource Consumption (Amplification)

The product does not properly control situations in which an adversary can cause the product to consume or produce excessive resources without requiring the adversary to invest equivalent work or otherwise prove authorization, i.e., the adversary's influence is 'asymmetric.'

Status: incomplete
Abstraction: class
Technologies: Not Technology-Specific; Client Server

This can lead to poor performance due to 'amplification' of resource consumption, typically in a non-linear fashion. This situation is worsened if the product allows malicious users or attackers to consume more resources than their access level permits.

Common Consequences

Scope: availability
Impacts: DoS: amplification; DoS: resource consumption (CPU); DoS: resource consumption (memory); DoS: resource consumption (other)

Potential Mitigations

Phases: architecture and design; system configuration
Descriptions:
• An application must, at all times, keep track of allocated resources and meter their usage appropriately.
• An application must make resources available to a client commensurate with the client's access level.
• Consider disabling resource-intensive algorithms on the server side, such as Diffie-Hellman key exchange.
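The first two mitigations (meter allocated resources, and scale what a client may consume to its access level) can be combined into one admission check. The following Python module is an added example, not code from the CWE entry or from any product: it meters each client with a per-access-level work budget that refills over time, charges every operation a fixed cost weight, and separately rejects requests whose estimated response-to-request size ratio exceeds the amplification ceiling for that level. The budget sizes, operation costs, amplification limits and client identifiers are all constructed values for illustration.

```python
import time
from dataclasses import dataclass

# Constructed example values: cost units a client may spend per refill window,
# keyed by access level, so an anonymous client gets far less than an admin.
BUDGET_BY_LEVEL = {"anonymous": 20.0, "user": 200.0, "admin": 2000.0}
REFILL_SECONDS = 60.0

# Constructed ceiling on how many bytes the server may emit per byte the
# client sent; a high ratio is the signature of an amplification request.
MAX_AMPLIFICATION = {"anonymous": 10.0, "user": 100.0, "admin": 1000.0}

# Constructed cost weights: roughly how much server work each operation
# costs relative to the cheapest request.
OPERATION_COST = {"fetch_small": 1.0, "search": 5.0, "export_report": 50.0}


@dataclass
class Bucket:
    """Token bucket tracking one client's remaining work budget."""
    capacity: float
    tokens: float
    last_refill: float


class ResourceMeter:
    """Admission control that ties consumption to access level and request size."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock          # injectable so tests can control time
        self._buckets = {}           # client_id -> Bucket

    def _bucket(self, client_id, level, now):
        capacity = BUDGET_BY_LEVEL[level]
        bucket = self._buckets.get(client_id)
        if bucket is None:
            bucket = Bucket(capacity=capacity, tokens=capacity, last_refill=now)
            self._buckets[client_id] = bucket
        # Refill in proportion to elapsed time, never above capacity.
        elapsed = now - bucket.last_refill
        bucket.tokens = min(bucket.capacity,
                            bucket.tokens + capacity * elapsed / REFILL_SECONDS)
        bucket.last_refill = now
        return bucket

    def admit(self, client_id, level, operation, request_bytes, response_bytes_estimate):
        """Return (admitted, reason). Rejects before any expensive work is done."""
        now = self._clock()
        bucket = self._bucket(client_id, level, now)
        cost = OPERATION_COST[operation]

        # Check 1: asymmetry of this single request. If the server would emit
        # far more than the client sent, refuse regardless of remaining budget.
        ratio = response_bytes_estimate / max(request_bytes, 1)
        if ratio > MAX_AMPLIFICATION[level]:
            return False, "amplification ratio %.0f exceeds limit for %s" % (ratio, level)

        # Check 2: cumulative consumption against the level's budget.
        if bucket.tokens < cost:
            return False, "budget exhausted for %s" % client_id

        bucket.tokens -= cost
        return True, "ok"


if __name__ == "__main__":
    meter = ResourceMeter()
    # Constructed sample traffic: one cheap fetch, then a report export that an
    # anonymous client cannot afford, then a request with a 1000x size ratio.
    print(meter.admit("anon-1", "anonymous", "fetch_small", 120, 900))
    print(meter.admit("anon-1", "anonymous", "export_report", 120, 5000))
    print(meter.admit("anon-2", "anonymous", "fetch_small", 10, 10000))
    print(meter.admit("admin-1", "admin", "export_report", 120, 5000))
```

The two checks address the two halves of the weakness: the ratio test catches a single request whose output is disproportionate to the client's own effort, and the budget test catches a client that stays under the ratio ceiling but issues many cheap-to-send, expensive-to-serve requests. Both rejections happen before the operation is executed, so the decision itself costs the server almost nothing.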