CWE-478 - Missing Default Case in Multiple Condition Expression
CWE-478
- Abstraction:
- Base
- Structure:
- Simple
- Status:
- Draft
- Weakness Name
Missing Default Case in Multiple Condition Expression
- Description
The code does not have a default case in an expression with multiple conditions, such as a switch statement.
If a multiple-condition expression (such as a switch in C) omits the default case but does not consider or handle all possible values that could occur, then this might lead to complex logical errors and resultant weaknesses. Because of this, further decisions are made based on poor information, and cascading failure results. This cascading failure may result in any number of security issues, and constitutes a significant failure in the system.
- Common Consequences
Scope: Integrity
Impact: Varies by Context, Alter Execution Logic
Notes: Depending on the logical circumstances involved, any consequences may result: e.g., issues of confidentiality, authentication, authorization, availability, integrity, accountability, or non-repudiation.
- Related Weaknesses
- Release Date:
- 2006-07-19
- Latest Modification Date:
- 2023-06-29
Free security scan for your website