CWE-636 - Not Failing Securely ('Failing Open')
- 摘要:Class
- 结构:Simple
- 状态:Draft
- 发布日期:2008-01-30
- 更新日期:2025-12-11
名称
Not Failing Securely ('Failing Open')
描述
When the product encounters an error condition or failure, its design requires it to fall back to a state that is less secure than other options that are available, such as selecting the weakest encryption algorithm or using the most permissive access control restrictions.
By entering a less secure state, the product inherits the weaknesses associated with that state, making it easier to compromise. At the least, it causes administrators to have a false sense of security. This weakness typically occurs as a result of wanting to "fail functional" to minimize administration and support costs, instead of "failing safe."
常见后果
范围:Access Control
影响:Bypass Protection Mechanism
注释:Intended access restrictions can be bypassed, which is often contradictory to what the product's administrator expects.