Improperly Implemented Security Check for Standard

Status: Draft
Abstraction: Base
Structure: Simple
Description

The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

Common Consequences
Scope: Access Control

Impact: Bypass Protection Mechanism

Observed Examples
CVE-2002-0862: Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates.
CVE-2002-0970: Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates.
CVE-2002-1407: Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates.
CVE-2005-0198: Logic error prevents some required conditions from being enforced during Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5).
CVE-2004-2163: Shared secret not verified in a RADIUS response packet, allowing authentication bypass by spoofing server replies.
CVE-2005-2181: Insufficient verification in VoIP implementation, in violation of standard, allows spoofed messages.
CVE-2005-2182: Insufficient verification in VoIP implementation, in violation of standard, allows spoofed messages.
CVE-2005-2298: Security check not applied to all components, allowing bypass.
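The RADIUS case in the list above (shared secret not verified in a response packet) shown as an added example; it is not code from this entry or from any affected product. It assumes the Response Authenticator rule of RFC 2865, and the function names, shared secret and packets are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2  # RADIUS Code value for Access-Accept

def parse_response(packet):
    """Split a RADIUS packet into (code, identifier, authenticator, attributes)."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad Length field")
    return code, ident, packet[4:20], packet[20:length]

def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865: MD5(Code | ID | Length | RequestAuth | Attributes | Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def accept_unchecked(packet, request_id, request_auth, secret):
    """Missing step: trusts Code and Identifier, never checks the authenticator."""
    code, ident, _auth, _attrs = parse_response(packet)
    return code == ACCESS_ACCEPT and ident == request_id

def accept_checked(packet, request_id, request_auth, secret):
    """Performs the check the standard requires before trusting the Code."""
    code, ident, auth, attrs = parse_response(packet)
    if ident != request_id:
        return False
    expected = response_authenticator(code, ident, attrs, request_auth, secret)
    if not hmac.compare_digest(auth, expected):  # constant-time comparison
        return False
    return code == ACCESS_ACCEPT

def build_response(code, ident, attrs, request_auth, secret):
    """Server side: build a reply carrying a valid Response Authenticator."""
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs

# Constructed sample data (not from a real deployment).
SECRET = b"constructed-shared-secret"
REQUEST_AUTH = bytes(range(16))        # authenticator sent in the request
REPLY_MESSAGE = b"\x12\x04ok"          # attribute type 18, length 4, value "ok"
GENUINE = build_response(ACCESS_ACCEPT, 7, REPLY_MESSAGE, REQUEST_AUTH, SECRET)
# Reply whose authenticator was not derived from the shared secret.
UNAUTHENTICATED = struct.pack("!BBH", ACCESS_ACCEPT, 7, 20) + bytes(16)
```

Both functions accept `GENUINE`; only `accept_unchecked` accepts `UNAUTHENTICATED`, which is the bypass this weakness describes.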
Applicable Platforms
Languages: Not Language-Specific (prevalence: Undetermined)
Modes of Introduction
Architecture and Design
Implementation
Taxonomy Mapping
  • PLOVER
Notes
Relationship: This is a "missing step" error on the product side, which can overlap weaknesses such as insufficient verification and spoofing. It is frequently found in cryptographic and authentication errors. It is sometimes resultant.