CWE-187 Partial Comparison
Partial String Comparison
Structure: Simple
Abstraction: Variant
Status: Incomplete
Likelihood of Exploit: Unknown
Description
The software performs a comparison that only examines a portion of a factor before determining whether there is a match, such as a substring, leading to resultant weaknesses.
Extended Description
For example, an attacker might succeed in authentication by providing a small password that matches the associated portion of the larger, correct password.
Related Weaknesses
- ChildOf: CWE-1023 Incomplete Comparison with Missing Factors (View 1000, Primary)
Applicable Platforms
Language: Language-Independent (Prevalence: Undetermined)
Common Consequences
Scope | Impact | Notes |
---|---|---|
Integrity, Access Control | Alter Execution Logic, Bypass Protection Mechanism | |
Potential Mitigations
Phase: Testing
Thoroughly test the comparison scheme before deploying code into production. Perform positive testing as well as negative testing; for a comparison, negative cases should include prefixes of the expected value, the empty string, and inputs longer than the expected value.
Demonstrative Examples
Example
This example defines a fixed username and password. The AuthenticateUser() function is intended to accept a username and a password from an untrusted user, and check to ensure that it matches the username and password. If the username and password match, AuthenticateUser() is intended to indicate that authentication succeeded.
bad C
/* Ignore CWE-259 (hard-coded password) and CWE-309 (use of password system for authentication) for this example. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define AUTH_SUCCESS 1
#define AUTH_FAIL 0

char *username = "admin";
char *pass = "password";

void ExitError(const char *msg) {
  fprintf(stderr, "%s\n", msg);
  exit(1);
}

int AuthenticateUser(char *inUser, char *inPass) {
  /* Only strlen(inUser) bytes are compared, so a prefix such as "a" matches "admin". */
  if (strncmp(username, inUser, strlen(inUser))) {
    return(AUTH_FAIL);
  }
  /* The length comes from the attacker-supplied inPass, so a one-character
     password such as "p" (or the empty string, which compares zero bytes)
     matches "password". This is the CWE-187 weakness. */
  if (! strncmp(pass, inPass, strlen(inPass))) {
    return(AUTH_SUCCESS);
  }
  else {
    return(AUTH_FAIL);
  }
}

int main (int argc, char **argv) {
  int authResult;

  if (argc < 3) {
    ExitError("Usage: Provide a username and password");
  }
  authResult = AuthenticateUser(argv[1], argv[2]);
  if (authResult == AUTH_SUCCESS) {
    printf("Authentication succeeded\n");
  }
  else {
    printf("Authentication failed\n");
  }
  return 0;
}
Source: scap中文网
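The following is an added example, not code from the CWE entry or from the page above. It isolates the comparison from the Extended Description and the demonstrative example into two functions with hypothetical names: vulnerable_check, which compares only strlen(input) bytes exactly as the strncmp() call above does, and hardened_check, which requires equal lengths and compares every byte. The constructed inputs show which short or partial passwords the partial comparison accepts and the full comparison rejects.

```c
/* Added example (not part of the CWE-187 entry). vulnerable_check,
 * hardened_check and STORED_PASSWORD are hypothetical names. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

static const char *STORED_PASSWORD = "password";

/* CWE-187: the number of bytes compared is taken from the attacker-supplied
 * input, so any prefix of the stored value matches. "p", "pass" and even ""
 * (zero bytes compared, strncmp returns 0) all match "password".
 * Returns 1 on match, 0 otherwise. */
int vulnerable_check(const char *stored, const char *input) {
    return strncmp(stored, input, strlen(input)) == 0;
}

/* Full comparison: lengths must agree and every byte must agree. The loop
 * always examines every byte of the stored value, so the position of the
 * first mismatching byte is not revealed through timing; only the length
 * check can exit early. Returns 1 on match, 0 otherwise. */
int hardened_check(const char *stored, const char *input) {
    size_t n = strlen(stored);
    if (strlen(input) != n) {
        return 0;
    }
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++) {
        diff |= (unsigned char)stored[i] ^ (unsigned char)input[i];
    }
    return diff == 0;
}

int main(void) {
    /* Constructed inputs: the real password, a one-byte prefix, the empty
     * string, a longer string with the right prefix, and a wrong password. */
    const char *attempts[] = { "password", "p", "", "password123", "Password" };
    size_t count = sizeof(attempts) / sizeof(attempts[0]);
    for (size_t i = 0; i < count; i++) {
        printf("%-12s vulnerable=%d hardened=%d\n", attempts[i],
               vulnerable_check(STORED_PASSWORD, attempts[i]),
               hardened_check(STORED_PASSWORD, attempts[i]));
    }
    return 0;
}
```

Note that the partial comparison only fails open in the prefix direction: "password123" is rejected by vulnerable_check because strncmp() stops at the stored value's terminating NUL, while the empty string is accepted because zero bytes are compared. Any test plan for a comparison routine should therefore include the empty input and every proper prefix of the expected value, not just random wrong values.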