CWE-392
Missing Report of Error Condition
Draft
2006-07-19 00:00 +00:00
2024-02-29 00:00 +00:00
Alerte pour un CWE
Restez informé de toutes modifications pour un CWE spécifique.
Missing Report of Error Condition
The product encounters an error but does not provide a status code or return value to indicate that an error has occurred.
Informations
Modes Of Introduction
ImplementationApplicable Platforms
Language
Class: Not Language-Specific (Undetermined)Common Consequences
| Scope | Impact | Likelihood |
|---|---|---|
| Integrity Other | Varies by Context, Unexpected State Note: Errors that are not properly reported could place the system in an unexpected state that could lead to unintended behaviors. |
Observed Examples
| Reference | Description |
|---|---|
| Chain: JavaScript-based cryptocurrency library can fall back to the insecure Math.random() function instead of reporting a failure (CWE-392), thus reducing the entropy (CWE-332) and leading to generation of non-unique cryptographic keys for Bitcoin wallets (CWE-1391) | |
| Function returns "OK" even if another function returns a different status code than expected, leading to accepting an invalid PIN number. | |
| Error checking routine in PKCS#11 library returns "OK" status even when invalid signature is detected, allowing spoofed messages. | |
| Kernel function truncates long pathnames without generating an error, leading to operation on wrong directory. | |
| Function returns non-error value when a particular erroneous condition is encountered, leading to resultant NULL dereference. |
Vulnerability Mapping Notes
Rationale : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Comments : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
References
REF-1374
Randstorm: You Can't Patch a House of CardsUnciphered.
https://www.unciphered.com/blog/randstorm-you-cant-patch-a-house-of-cards
Submission
| Name | Organization | Date | Date Release | Version |
|---|---|---|---|---|
| PLOVER | Draft 3 |
Modifications
| Name | Organization | Date | Comment |
|---|---|---|---|
| Sean Eidemiller | Cigital | added/updated demonstrative examples | |
| Eric Dalci | Cigital | updated Time_of_Introduction | |
| CWE Content Team | MITRE | updated Relationships, Other_Notes, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Other_Notes, Weakness_Ordinalities | |
| CWE Content Team | MITRE | updated Description, Name | |
| CWE Content Team | MITRE | updated Common_Consequences, Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Common_Consequences | |
| CWE Content Team | MITRE | updated Common_Consequences, Relationships | |
| CWE Content Team | MITRE | updated Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Applicable_Platforms, Modes_of_Introduction, Relationships | |
| CWE Content Team | MITRE | updated Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Description | |
| CWE Content Team | MITRE | updated Modes_of_Introduction, Relationships, Time_of_Introduction | |
| CWE Content Team | MITRE | updated Mapping_Notes, Relationships | |
| CWE Content Team | MITRE | updated Demonstrative_Examples | |
| CWE Content Team | MITRE | updated Observed_Examples, References |
2024©
tesweb SA
