Incomplete Internal State Distinction

Draft Base

Structure: Simple

Description

The product does not properly determine which state it is in, causing it to assume it is in state X when in fact it is in state Y, causing it to perform incorrect operations in a security-relevant manner.

Common Consequences 1

Scope: IntegrityOther

Impact: Varies by ContextUnexpected State

Applicable Platforms

Languages:

Not Language-Specific : Undetermined

Modes of Introduction

Implementation

Related Attack Patterns

Related Weaknesses

ChildOf:

Improper Control of a Resource Through its Lifetime (CWE-664)

Taxonomy Mapping

PLOVER

Notes

RelationshipThis conceptually overlaps other categories such as insufficient verification, but this entry refers to the product's incorrect perception of its own state.

RelationshipThis is probably resultant from other weaknesses such as unhandled error conditions, inability to handle out-of-order steps, multiple interpretation errors, etc.

MaintenanceThis entry is being considered for deprecation. It was poorly-defined in PLOVER and is not easily described using the behavior/resource/property model of vulnerability theory.