CWE-358
Improperly Implemented Security Check for Standard
Base
What it is
The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.
Impact
| Scope | Impact |
| --- | --- |
| Access Control | Bypass Protection Mechanism |
Real-world CVE examples
- CVE-2002-0862 — Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates.
- CVE-2002-0970 — Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates.
- CVE-2002-1407 — Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates.
- CVE-2005-0198 — Logic error prevents some required conditions from being enforced during Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5).
- CVE-2004-2163 — Shared secret not verified in a RADIUS response packet, allowing authentication bypass by spoofing server replies.
- CVE-2005-2181 — Insufficient verification in VoIP implementation, in violation of standard, allows spoofed messages.
- CVE-2005-2182 — Insufficient verification in VoIP implementation, in violation of standard, allows spoofed messages.
- CVE-2005-2298 — Security check not applied to all components, allowing bypass.
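
The kind of check the CVE-2004-2163 entry describes as missing, shown as an added example (not code from MITRE or from any affected product): a RADIUS client verifying the Response Authenticator defined in RFC 2865 before trusting a reply. The function names, shared secret and packets are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT, ACCESS_REJECT = 2, 3

def response_authenticator(code, ident, attrs, request_auth, secret):
    # RFC 2865: MD5(Code | ID | Length | RequestAuth | Attributes | Secret)
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def build_response(code, ident, attrs, request_auth, secret):
    # Server side: used here only to construct sample packets.
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs

def verify_response(packet, request_id, request_auth, secret):
    """Return True only if the reply passes every check the client must make."""
    if len(packet) < 20:
        return False                      # shorter than the fixed header
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return False                      # declared length is inconsistent
    packet = packet[:length]              # octets past Length are padding
    if ident != request_id:
        return False                      # reply does not match our request
    expected = response_authenticator(code, ident, packet[20:],
                                      request_auth, secret)
    # Constant-time comparison of the 16-byte authenticator field.
    return hmac.compare_digest(expected, packet[4:20])

# Constructed sample data (not captured traffic).
SECRET = b"constructed-shared-secret"
REQ_ID = 7
REQ_AUTH = bytes(range(16))               # authenticator sent in our request

GENUINE = build_response(ACCESS_ACCEPT, REQ_ID, b"", REQ_AUTH, SECRET)
# Reply built by a party that does not know the shared secret.
SPOOFED = build_response(ACCESS_ACCEPT, REQ_ID, b"", REQ_AUTH, b"wrong-secret")
# Genuine Access-Reject whose code byte was rewritten to Access-Accept.
REJECT = build_response(ACCESS_REJECT, REQ_ID, b"", REQ_AUTH, SECRET)
FLIPPED = bytes([ACCESS_ACCEPT]) + REJECT[1:]

if __name__ == "__main__":
    for name, pkt in [("genuine", GENUINE), ("spoofed", SPOOFED),
                      ("flipped", FLIPPED)]:
        print(name, verify_response(pkt, REQ_ID, REQ_AUTH, SECRET))
```

A client that reads only the code byte would accept all three sample packets; with the authenticator check in place only the genuine one passes.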
Source: MITRE CWE. View on cwe.mitre.org →