CWE-455

Non-exit on Failed Initialization

AI Translation Available

The product does not exit or otherwise modify its operation when security-relevant errors occur during initialization, such as when a configuration file has a format error or a hardware security module (HSM) cannot be activated, which can cause the product to execute in a less secure fashion than intended by the administrator.

Status

draft

Abstraction

base

Affected Platforms

Technical Details

AI Translation

Common Consequences

integrity other

Impacts

modify application data alter execution logic

Potential Mitigations

Phases:

implementation

Descriptions:

• Follow the principle of failing securely when an error occurs. The system should enter a state where it is not vulnerable and will not display sensitive error messages to a potential attacker.

AI Generated Translation

Common Consequences

integrità altro

Impacts

modificare dati applicazione alterazione esecuzione logica

Potential Mitigations

Phases:

implementazione

Descriptions:

• Segui il principio di fallimento sicuro quando si verifica un errore. Il sistema dovrebbe entrare in uno stato in cui non è vulnerabile e non visualizzerà messaggi di errore sensibili a un potenziale attaccante.

CWE-455

Common Consequences

Impacts

Potential Mitigations

Common Consequences

Impacts

Potential Mitigations

Iscriviti alla newsletter