CWE-187 - Partial String Comparison
CWE-187
- Abstraction:
- Variant
- Structure:
- Simple
- Status:
- Incomplete
- Weakness Name
Partial String Comparison
- Description
The product performs a comparison that only examines a portion of a factor before determining whether there is a match, such as a substring, leading to resultant weaknesses.
For example, an attacker might succeed in authentication by providing a small password that matches the associated portion of the larger, correct password.
- Common Consequences
Scope: Integrity, Access Control
Impact: Alter Execution Logic, Bypass Protection Mechanism
- Related Weaknesses
- Release Date:
- 2006-07-19
- Latest Modification Date:
- 2023-06-29
Free security scan for your website