CWE-636 - Not Failing Securely ('Failing Open')
CWE-636
- Abstraction:
- Class
- Structure:
- Simple
- Status:
- Draft
- Weakness Name
Not Failing Securely ('Failing Open')
- Description
When the product encounters an error condition or failure, its design requires it to fall back to a state that is less secure than other options that are available, such as selecting the weakest encryption algorithm or using the most permissive access control restrictions.
By entering a less secure state, the product inherits the weaknesses associated with that state, making it easier to compromise. At the least, it causes administrators to have a false sense of security. This weakness typically occurs as a result of wanting to "fail functional" to minimize administration and support costs, instead of "failing safe."
- Common Consequences
Scope: Access Control
Impact: Bypass Protection Mechanism
Notes: Intended access restrictions can be bypassed, which is often contradictory to what the product's administrator expects.
- Related Weaknesses
- Release Date:
- 2008-01-30
- Latest Modification Date:
- 2023-10-26
Free security scan for your website