logo

CWE-455 - Non-exit on Failed Initialization

CWE-455

  • Abstraction:
  • Base
  • Structure:
  • Simple
  • Status:
  • Draft
Weakness Name

Non-exit on Failed Initialization

Description

The product does not exit or otherwise modify its operation when security-relevant errors occur during initialization, such as when a configuration file has a format error or a hardware security module (HSM) cannot be activated, which can cause the product to execute in a less secure fashion than intended by the administrator.

Common Consequences

Scope: Integrity, Other

Impact: Modify Application Data, Alter Execution Logic

Notes: The application could be placed in an insecure state that may allow an attacker to modify sensitive data or allow unintended logic to be executed.

Related Weaknesses
  • Release Date:
  • 2006-07-19
  • Latest Modification Date:
  • 2023-06-29

Free security scan for your website