CWE•Base•Draft•3 recent CVEs
CWE-1254: Incorrect Comparison Logic Granularity
Description
The product's comparison logic is performed over a series of steps rather than across the entire string in one operation. If there is a comparison logic failure on one of these steps, the operation may be vulnerable to a timing attack that can result in the interception of the process for nefarious purposes.
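The difference between a stepwise and a whole-string comparison, as an added example that is not part of the CWE entry: both routines count the byte comparisons they perform, so the data-dependent work is visible without measuring time. The function names, the step counter and the sample values are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define LEN 8
/* Constructed sample values, not taken from any real product. */
static const uint8_t SECRET[]        = "s3cr3t!!";
static const uint8_t GUESS_NONE[]    = "xxxxxxxx"; /* no leading bytes match */
static const uint8_t GUESS_PREFIX4[] = "s3crxxxx"; /* first 4 bytes match */

/* Stepwise comparison: returns at the first mismatching byte, so the work done
 * grows with the matching prefix. *steps is instrumentation for this demo. */
int compare_stepwise(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        if (a[i] != b[i]) return 0; /* early exit reveals mismatch position */
    }
    return 1;
}

/* Whole-string comparison: every byte is processed and differences are OR-ed
 * together, so the loop runs to the end for any input. */
int compare_whole(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    uint8_t diff = 0;
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        diff |= (uint8_t)(a[i] ^ b[i]);
    }
    return diff == 0;
}

/* Helper: byte comparisons a routine performs for a guess against SECRET. */
size_t steps_for(int (*cmp)(const uint8_t *, const uint8_t *, size_t, size_t *),
                 const uint8_t *guess)
{
    size_t steps;
    cmp(SECRET, guess, LEN, &steps);
    return steps;
}

int main(void)
{
    printf("stepwise: %zu vs %zu steps\n", steps_for(compare_stepwise, GUESS_NONE), steps_for(compare_stepwise, GUESS_PREFIX4));
    printf("whole:    %zu vs %zu steps\n", steps_for(compare_whole, GUESS_NONE), steps_for(compare_whole, GUESS_PREFIX4));
    return 0;
}
```

The stepwise routine does 1 comparison for the fully wrong guess and 5 for the guess with a correct 4-byte prefix, while the whole-string routine does 8 in both cases.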
Common consequences
- Confidentiality, Authorization → Bypass Protection Mechanism
Potential mitigations
- Implementation