CWE-693: Protection Mechanism Failure
Weakness ID: 693
Version: v4.17
Weakness Name: Protection Mechanism Failure
Vulnerability Mapping: Discouraged
Abstraction: Pillar
Structure: Simple
Status: Draft
Likelihood of Exploit:
▼Description

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

▼Extended Description

This weakness covers three distinct situations. A "missing" protection mechanism occurs when the application does not define any mechanism against a certain class of attack. An "insufficient" protection mechanism might provide some defenses (for example, against the most common attacks) but does not protect against everything that is intended. Finally, an "ignored" mechanism occurs when a mechanism is available and in active use within the product, but the developer has not applied it in some code path.

▼Alternate Terms
▼Relationships
Relevant to the view "Research Concepts - (1000)"

Nature   | Mapping             | Type  | ID   | Name
MemberOf | Prohibited          | View  | 1000 | Research Concepts
ParentOf | Allowed-with-Review | Class | 1039 | Inadequate Detection or Handling of Adversarial Input Perturbations in Automated Recognition Mechanism
ParentOf | Allowed             | Base  | 1248 | Semiconductor Defects in Hardware Logic with Security-Sensitive Implications
ParentOf | Allowed             | Base  | 1253 | Incorrect Selection of Fuse Values
ParentOf | Allowed             | Base  | 1269 | Product Released in Non-Release Configuration
ParentOf | Allowed             | Base  | 1278 | Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques
ParentOf | Allowed             | Base  | 1291 | Public Key Re-Use for Signing both Debug and Production Code
ParentOf | Allowed             | Base  | 1326 | Missing Immutable Root of Trust in Hardware
ParentOf | Allowed             | Base  | 1318 | Missing Support for Security Features in On-chip Fabrics or Buses
ParentOf | Allowed             | Base  | 1319 | Improper Protection against Electromagnetic Fault Injection (EM-FI)
ParentOf | Allowed             | Base  | 1338 | Improper Protections Against Hardware Overheating
ParentOf | Allowed             | Base  | 184  | Incomplete List of Disallowed Inputs
ParentOf | Discouraged         | Class | 311  | Missing Encryption of Sensitive Data
ParentOf | Allowed-with-Review | Class | 326  | Inadequate Encryption Strength
ParentOf | Allowed-with-Review | Class | 327  | Use of a Broken or Risky Cryptographic Algorithm
ParentOf | Discouraged         | Class | 330  | Use of Insufficiently Random Values
ParentOf | Discouraged         | Class | 345  | Insufficient Verification of Data Authenticity
ParentOf | Allowed             | Base  | 357  | Insufficient UI Warning of Dangerous Operations
ParentOf | Allowed             | Base  | 358  | Improperly Implemented Security Check for Standard
ParentOf | Allowed-with-Review | Class | 424  | Improper Protection of Alternate Path
ParentOf | Allowed-with-Review | Class | 602  | Client-Side Enforcement of Server-Side Security
ParentOf | Allowed             | Class | 653  | Improper Isolation or Compartmentalization
ParentOf | Allowed             | Base  | 654  | Reliance on a Single Factor in a Security Decision
ParentOf | Allowed-with-Review | Class | 655  | Insufficient Psychological Acceptability
ParentOf | Allowed-with-Review | Class | 656  | Reliance on Security Through Obscurity
ParentOf | Allowed             | Base  | 757  | Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
ParentOf | Allowed             | Base  | 807  | Reliance on Untrusted Inputs in a Security Decision
▼Memberships
Nature   | Mapping    | Type     | ID   | Name
MemberOf | Prohibited | Category | 975  | SFP Secondary Cluster: Architecture
MemberOf | Prohibited | Category | 1370 | ICS Supply Chain: Common Mode Frailties
MemberOf | Prohibited | Category | 1413 | Comprehensive Categorization: Protection Mechanism Failure
▼Tags
Nature   | Mapping    | Type     | ID       | Name
MemberOf | Prohibited | BOSSView | BOSS-294 | Not Language-Specific Weaknesses
MemberOf | Prohibited | BOSSView | BOSS-305 | ICS/OT (technology class) Weaknesses
MemberOf | Prohibited | BOSSView | BOSS-307 | Not Technology-Specific (technology class) Weaknesses
MemberOf | Prohibited | BOSSView | BOSS-316 | Bypass Protection Mechanism (impact)
▼Relevant To View
Relevant to the view "SEI ETF Categories of Security Vulnerabilities in ICS - (1358)"

Nature   | Mapping    | Type     | ID   | Name
MemberOf | Prohibited | Category | 1370 | ICS Supply Chain: Common Mode Frailties

Relevant to the view "Software Fault Pattern (SFP) Clusters - (888)"

Nature   | Mapping    | Type     | ID  | Name
MemberOf | Prohibited | Category | 975 | SFP Secondary Cluster: Architecture
▼Background Detail

▼Common Consequences
Scope          | Likelihood | Impact                      | Note
Access Control | N/A        | Bypass Protection Mechanism | N/A
▼Potential Mitigations
▼Modes Of Introduction
Phase: Architecture and Design
Note: N/A

Phase: Implementation
Note: N/A

Phase: Operation
Note: N/A

▼Applicable Platforms
Languages
Class: Not Language-Specific (Undetermined Prevalence)
Technology
Class: Not Technology-Specific (Undetermined Prevalence)
Class: ICS/OT (Undetermined Prevalence)
▼Demonstrative Examples
▼Observed Examples
Reference | Description
▼Affected Resources
▼Functional Areas
▼Weakness Ordinalities
Ordinality | Description
▼Detection Methods
▼Vulnerability Mapping Notes
Usage: Discouraged
Reason: Abstraction
Rationale: This CWE entry is extremely high-level, a Pillar.
Comments: Consider children or descendants of this entry instead.
Suggestions:
▼Notes
Research Gap

The concept of protection mechanisms is well established, but protection mechanism failures have not been studied comprehensively. It is suspected that protection mechanisms can have significantly different types of weaknesses than the weaknesses that they are intended to prevent.

▼Taxonomy Mappings
Taxonomy Name | Entry ID | Fit | Entry Name
▼Related Attack Patterns
ID        | Name
CAPEC-1   | Accessing Functionality Not Properly Constrained by ACLs
CAPEC-107 | Cross Site Tracing
CAPEC-127 | Directory Indexing
CAPEC-17  | Using Malicious Files
CAPEC-20  | Encryption Brute Forcing
CAPEC-22  | Exploiting Trust in Client
CAPEC-237 | Escaping a Sandbox by Calling Code in Another Language
CAPEC-36  | Using Unpublished Interfaces or Functionality
CAPEC-477 | Signature Spoofing by Mixing Signed and Unsigned Content
CAPEC-480 | Escaping Virtualization
CAPEC-51  | Poison Web Service Registry
CAPEC-57  | Utilizing REST's Trust in the System Resource to Obtain Sensitive Data
CAPEC-59  | Session Credential Falsification through Prediction
CAPEC-65  | Sniff Application Code
CAPEC-668 | Key Negotiation of Bluetooth Attack (KNOB)
CAPEC-74  | Manipulating State
CAPEC-87  | Forceful Browsing
▼References