Insufficient Type Distinction

Draft Base

Structure: Simple

Description

The product does not properly distinguish between different types of elements in a way that leads to insecure behavior.

Common Consequences 1

Scope: Other

Impact: Other

Observed Examples 2

CVE-2005-2260Browser user interface does not distinguish between user-initiated and synthetic events.

CVE-2005-2801Product does not compare all required data in two separate elements, causing it to think they are the same, leading to loss of ACLs. Similar to Same Name error.

Applicable Platforms

Languages:

Not Language-Specific : Undetermined

Modes of Introduction

Implementation

Related Weaknesses

ChildOf:

Insufficient Verification of Data Authenticity (CWE-345)

PeerOf:

Interpretation Conflict (CWE-436)

Taxonomy Mapping

PLOVER

Notes

RelationshipOverlaps others, e.g. Multiple Interpretation Errors.