CWE-455 - Non-exit on Failed Initialization

CWE-455

Abstraction:
Base

Structure:
Simple

Status:
Draft

Weakness Name: Non-exit on Failed Initialization

Description: The product does not exit or otherwise modify its operation when security-relevant errors occur during initialization, such as when a configuration file has a format error or a hardware security module (HSM) cannot be activated, which can cause the product to execute in a less secure fashion than intended by the administrator.

Common Consequences: Scope: Integrity, Other
Impact: Modify Application Data, Alter Execution Logic
Notes: The application could be placed in an insecure state that may allow an attacker to modify sensitive data or allow unintended logic to be executed.

Related Weaknesses

CWE-665Improper InitializationMedium

CWE-705Incorrect Control Flow Scoping

CWE-636Not Failing Securely ('Failing Open')

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard