CWE-656 依赖构建于封闭的安全性

Reliance on Security Through Obscurity

结构: Simple

Abstraction: Base

状态: Draft

被利用可能性: unkown

基本描述

The software uses a protection mechanism whose strength depends heavily on its obscurity, such that knowledge of its algorithms or key data is sufficient to defeat the mechanism.

扩展描述

This reliance on "security through obscurity" can produce resultant weaknesses if an attacker is able to reverse engineer the inner workings of the mechanism. Note that obscurity can be one small part of defense in depth, since it can create more work for an attacker; however, it is a significant risk if used as the primary means of protection.

相关缺陷

• cwe_Nature: ChildOf cwe_CWE_ID: 657 cwe_View_ID: 1000 cwe_Ordinal: Primary

• cwe_Nature: ChildOf cwe_CWE_ID: 657 cwe_View_ID: 699 cwe_Ordinal: Primary

• cwe_Nature: ChildOf cwe_CWE_ID: 693 cwe_View_ID: 1000

• cwe_Nature: CanPrecede cwe_CWE_ID: 259 cwe_View_ID: 1000

• cwe_Nature: CanPrecede cwe_CWE_ID: 321 cwe_View_ID: 1000

• cwe_Nature: CanPrecede cwe_CWE_ID: 472 cwe_View_ID: 1000

适用平台

Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}

常见的影响

范围	影响	注释
['Confidentiality', 'Integrity', 'Availability', 'Other']	Other	The security mechanism can be bypassed easily.

可能的缓解方案

Architecture and Design

策略:

Always consider whether knowledge of your code or design is sufficient to break it. Reverse engineering is a highly successful discipline, and financially feasible for motivated adversaries. Black-box techniques are established for binary analysis of executables that use obfuscation, runtime analysis of proprietary protocols, inferring file formats, and others.

Architecture and Design

策略:

When available, use publicly-vetted algorithms and procedures, as these are more likely to undergo more extensive security analysis and testing. This is especially the case with encryption and authentication.

示例代码

例

The design of TCP relies on the secrecy of Initial Sequence Numbers (ISNs), as originally covered in CVE-1999-0077. If ISNs can be guessed (due to predictability, CWE-330) or sniffed (due to lack of encryption, CWE-311), then an attacker can hijack or spoof connections. Many TCP implementations have had variations of this problem over the years, including CVE-2004-0641, CVE-2002-1463, CVE-2001-0751, CVE-2001-0328, CVE-2001-0288, CVE-2001-0163, CVE-2001-0162, CVE-2000-0916, and CVE-2000-0328.

分析过的案例

标识	说明	链接
CVE-2006-6588	Reliance on hidden form fields in a web application. Many web application vulnerabilities exist because the developer did not consider that "hidden" form fields can be processed using a modified client.	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6588
CVE-2006-7142	Hard-coded cryptographic key stored in executable program.	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7142
CVE-2005-4002	Hard-coded cryptographic key stored in executable program.	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4002
CVE-2006-4068	Hard-coded hashed values for username and password contained in client-side script, allowing brute-force offline attacks.	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4068

Notes

引用

• REF-196 The Protection of Information in Computer Systems

• REF-544 Never Assuming that Your Secrets Are Safe

文章来源于互联网:scap中文网