logo

CWE-478 - Missing Default Case in Multiple Condition Expression

CWE-478

  • Abstraction:
  • Base
  • Structure:
  • Simple
  • Status:
  • Draft
Weakness Name

Missing Default Case in Multiple Condition Expression

Description

The code does not have a default case in an expression with multiple conditions, such as a switch statement.

If a multiple-condition expression (such as a switch in C) omits the default case but does not consider or handle all possible values that could occur, then this might lead to complex logical errors and resultant weaknesses. Because of this, further decisions are made based on poor information, and cascading failure results. This cascading failure may result in any number of security issues, and constitutes a significant failure in the system.

Common Consequences

Scope: Integrity

Impact: Varies by Context, Alter Execution Logic

Notes: Depending on the logical circumstances involved, any consequences may result: e.g., issues of confidentiality, authentication, authorization, availability, integrity, accountability, or non-repudiation.

Related Weaknesses

CWE-1023Incomplete Comparison with Missing Factors

  • Release Date:
  • 2006-07-19
  • Latest Modification Date:
  • 2023-06-29

Free security scan for your website