CWE-636 - Not Failing Securely ('Failing Open')

  • 摘要:Class
  • 结构:Simple
  • 状态:Draft
  • 发布日期:2008-01-30
  • 更新日期:2025-12-11

名称

Not Failing Securely ('Failing Open')

描述

When the product encounters an error condition or failure, its design requires it to fall back to a state that is less secure than other options that are available, such as selecting the weakest encryption algorithm or using the most permissive access control restrictions.

By entering a less secure state, the product inherits the weaknesses associated with that state, making it easier to compromise. At the least, it causes administrators to have a false sense of security. This weakness typically occurs as a result of wanting to "fail functional" to minimize administration and support costs, instead of "failing safe."

常见后果

范围:Access Control

影响:Bypass Protection Mechanism

注释:Intended access restrictions can be bypassed, which is often contradictory to what the product's administrator expects.

相关 CWE