CWE-455 - Non-exit on Failed Initialization

  • Abstraction:Base
  • Structure:Simple
  • Status:Draft
  • Release Date:2006-07-19
  • Latest Modification Date:2025-12-11

Weakness Name

Non-exit on Failed Initialization

Description

The product does not exit or otherwise modify its operation when security-relevant errors occur during initialization, such as when a configuration file has a format error or a hardware security module (HSM) cannot be activated, which can cause the product to execute in a less secure fashion than intended by the administrator.

Common Consequences

Scope: Integrity, Other

Impact: Modify Application Data, Alter Execution Logic

Notes: The application could be placed in an insecure state that may allow an attacker to modify sensitive data or allow unintended logic to be executed.

Related Weaknesses

CWE-636Not Failing Securely ('Failing Open')

CWE-665Improper InitializationMedium

CWE-705Incorrect Control Flow Scoping