Category: Comprehensive Categorization: Violation of Secure Design Principles
Incomplete
Summary
Weaknesses in this category are related to violation of secure design principles.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-1189 | Improper Isolation of Shared Resources on System-on-a-Chip (SoC) | The System-On-a-Chip (SoC) does not properly isolate shared resources between trusted and untrusted agents. |
| CWE-1192 | Improper Identifier for IP Block used in System-On-Chip (SOC) | The System-on-Chip (SoC) does not have unique, immutable identifiers for each of its components. |
| CWE-1303 | Non-Transparent Sharing of Microarchitectural Resources | Hardware structures shared across execution contexts (e.g., caches and branch predictors) can violate the expected architecture isolation between contexts. |
| CWE-1331 | Improper Isolation of Shared Resources in Network On Chip (NoC) | The Network On Chip (NoC) does not isolate or incorrectly isolates its on-chip-fabric and internal resources such that they are shared between trusted and untrusted agents, creating timing channels. |
| CWE-1395 | Dependency on Vulnerable Third-Party Component | The product has a dependency on a third-party component that contains one or more known vulnerabilities. |
| CWE-250 | Execution with Unnecessary Privileges | The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. |
| CWE-424 | Improper Protection of Alternate Path | The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources. |
| CWE-447 | Unimplemented or Unsupported Feature in UI | A UI function for a security feature appears to be supported and gives feedback to the user that suggests that it is supported, but the underlying functionality is not implemented. |
| CWE-636 | Not Failing Securely ('Failing Open') | When the product encounters an error condition or failure, its design requires it to fall back to a state that is less secure than other options that are available, such as selecting the weakest encryption algorithm or using the most permissive access control restrictions. |
| CWE-637 | Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism') | The product uses a more complex mechanism than necessary, which could lead to resultant weaknesses when the mechanism is not correctly understood, modeled, configured, implemented, or used. |
| CWE-638 | Not Using Complete Mediation | The product does not perform access checks on a resource every time the resource is accessed by an entity, which can create resultant weaknesses if that entity's rights or privileges change over time. |
| CWE-653 | Improper Isolation or Compartmentalization | The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions. |
| CWE-654 | Reliance on a Single Factor in a Security Decision | A protection mechanism relies exclusively, or to a large extent, on the evaluation of a single condition or the integrity of a single object or entity in order to make a decision about granting access to restricted resources or functionality. |
| CWE-655 | Insufficient Psychological Acceptability | The product has a protection mechanism that is too difficult or inconvenient to use, encouraging non-malicious users to disable or bypass the mechanism, whether by accident or on purpose. |
| CWE-656 | Reliance on Security Through Obscurity | The product uses a protection mechanism whose strength depends heavily on its obscurity, such that knowledge of its algorithms or key data is sufficient to defeat the mechanism. |
| CWE-657 | Violation of Secure Design Principles | The product violates well-established principles for secure design. |
| CWE-671 | Lack of Administrator Control over Security | The product uses security features in a way that prevents the product's administrator from tailoring security settings to reflect the environment in which the product is being used. This introduces resultant weaknesses or prevents it from operating at a level of security that is desired by the administrator. |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves [REF-1330].
Comment:
See member weaknesses of this category.