CWE-511: Logic/Time Bomb
Weakness ID: 511
Version: v4.17
Weakness Name: Logic/Time Bomb
Vulnerability Mapping: Allowed
Abstraction: Base
Structure: Simple
Status: Incomplete
Likelihood of Exploit:
▼Description

The product contains code that is designed to disrupt the legitimate operation of the product (or its environment) when a certain time passes, or when a certain logical condition is met.

▼Extended Description

When the time bomb or logic bomb is detonated, it may perform a denial of service such as crashing the system, deleting critical data, or degrading system response time. This bomb might be placed within either a replicating or non-replicating Trojan horse.

▼Alternate Terms
▼Relationships
Relevant to the view "Research Concepts - (1000)"
Nature: ChildOf
Mapping: Allowed-with-Review
Type: Class
ID: 506
Name: Embedded Malicious Code
▼Memberships
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 904
Name: SFP Primary Cluster: Malware
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1412
Name: Comprehensive Categorization: Poor Coding Practices
▼Tags
Nature: MemberOf
Mapping: Prohibited
Type: BOSSView
ID: BOSS-294
Name: Not Language-Specific Weaknesses
Nature: MemberOf
Mapping: Prohibited
Type: BOSSView
ID: BOSS-306
Name: Mobile (technology class) Weaknesses
Nature: MemberOf
Mapping: Prohibited
Type: BOSSView
ID: BOSS-326
Name: Varies by Context (impact)
Nature: MemberOf
Mapping: Prohibited
Type: BOSSView
ID: BOSS-330
Name: Alter Execution Logic (impact)
▼Relevant To View
Relevant to the view "Software Fault Pattern (SFP) Clusters - (888)"
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 904
Name: SFP Primary Cluster: Malware
▼Background Detail

▼Common Consequences
Scope: Other, Integrity
Likelihood: N/A
Impact: Varies by Context, Alter Execution Logic
Note:
N/A
▼Potential Mitigations
Phase: Installation
Description:

Always verify the integrity of the product that is being installed.

Phase: Testing
Description:

Conduct a code coverage analysis using live testing, then closely inspect any code that is not covered.

▼Modes Of Introduction
Phase: Architecture and Design
Note:

N/A

Phase: Implementation
Note:

N/A

▼Applicable Platforms
Languages
Class: Not Language-Specific (Undetermined Prevalence)
Technology
Class: Mobile (Undetermined Prevalence)
▼Demonstrative Examples
Example 1

Typical examples of triggers include system date or time mechanisms, random number generators, and counters that wait for an opportunity to launch their payload. When triggered, a time-bomb may deny service by crashing the system, deleting files, or degrading system response-time.
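The Testing mitigation above (inspect code that coverage analysis never reached) can be narrowed to the trigger kinds listed in this example. The following Python is an added example, not part of the CWE entry: it flags uncovered branches whose condition reads the clock or a random source. The `TRIGGER_CALLS` list, the sample source and the uncovered-line set are constructed assumptions; counter-based triggers are not detected.

```python
import ast

# Heuristic (assumed) call names that read the clock or a random source,
# the trigger kinds named in the Demonstrative Example.
TRIGGER_CALLS = {"now", "today", "utcnow", "time", "monotonic", "random", "randint"}

# Constructed sample source; it is parsed, never executed.
SAMPLE_SOURCE = '''\
import datetime, random

def handle(req):
    if req.ok:
        return serve(req)
    if datetime.date.today() > datetime.date(2031, 1, 1):
        rare_path_a()
    if random.random() < 0.001:
        rare_path_b()
    if req.retry:
        return retry(req)
    return None
'''
# Constructed coverage result: line numbers the live test run never executed.
SAMPLE_UNCOVERED = {7, 9, 11}


def trigger_calls(test_node):
    """Return names of clock/random calls found inside a branch condition."""
    found = set()
    for node in ast.walk(test_node):
        if isinstance(node, ast.Call):
            func = node.func
            name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", None)
            if name in TRIGGER_CALLS:
                found.add(name)
    return sorted(found)


def review_queue(source, uncovered):
    """List (if-line, trigger names) for uncovered branches gated on time/randomness."""
    queue = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.If):
            continue
        body = {n.lineno for s in node.body for n in ast.walk(s) if hasattr(n, "lineno")}
        triggers = trigger_calls(node.test)
        if triggers and body & uncovered:
            queue.append((node.lineno, triggers))
    return sorted(queue)
```

The uncovered `return retry(req)` on line 11 of the sample is not queued, because its condition reads neither the clock nor a random source; it still falls under the general "inspect any code that is not covered" rule.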


▼Observed Examples
▼Affected Resources
▼Functional Areas
▼Weakness Ordinalities
▼Detection Methods
▼Vulnerability Mapping Notes
Usage: Allowed
Reason: Acceptable-Use
Rationale:

This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.

Comments:

Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Suggestions:
▼Notes
▼Taxonomy Mappings
Taxonomy Name: Landwehr
Entry ID: N/A
Fit: N/A
Entry Name: Logic/Time Bomb
▼Related Attack Patterns
▼References
Reference ID: REF-172
Title: Mobile App Top 10 List
Author: Chris Wysopal
URL: https://www.veracode.com/blog/2010/12/mobile-app-top-10-list
URL Date: 2023-04-07
Day: 13
Month: 12
Year: 2010

Reference ID: REF-1431
Title: A Taxonomy of Computer Program Security Flaws, with Examples
Author: Carl E. Landwehr, Alan R. Bull, John P. McDermott, William S. Choi
URL: https://cwe.mitre.org/documents/sources/ATaxonomyofComputerProgramSecurityFlawswithExamples%5BLandwehr93%5D.pdf
URL Date: 2024-11-17
Day: 19
Month: 11
Year: 1993