CWE-187 - Partial String Comparison
- Abstraction:Variant
- Structure:Simple
- Status:Incomplete
- Release Date:2006-07-19
- Latest Modification Date:2023-06-29
Weakness Name
Partial String Comparison
Description
The product performs a comparison that only examines a portion of a factor before determining whether there is a match, such as a substring, leading to resultant weaknesses.
For example, an attacker might succeed in authentication by providing a small password that matches the associated portion of the larger, correct password.
Common Consequences
Scope: Integrity, Access Control
Impact: Alter Execution Logic, Bypass Protection Mechanism
