CWE-656: Reliance on Security Through Obscurity

ID: CWE-656
Abstraction: Class
Structure: Simple
Status: Draft
Number of CVEs: 4

The product uses a protection mechanism whose strength depends heavily on its obscurity, such that knowledge of its algorithms or key data is sufficient to defeat the mechanism.

This reliance on "security through obscurity" can produce resultant weaknesses if an attacker is able to reverse engineer the inner workings of the mechanism. Note that obscurity can be one small part of defense in depth, since it can create more work for an attacker; however, it is a significant risk if used as the primary means of protection.

Modes of Introduction

Phase | Note
Architecture and Design |
Implementation | REALIZATION: This weakness is caused during implementation of an architectural security tactic.

Applicable Platforms

Type | Class | Name | Prevalence
Language | Not Language-Specific | |

Relationships

View ID | View | View Status | Weakness ID | Weakness Name | Abstraction | Structure | Status
CWE-1000 | Research Concepts | Draft | CWE-657 | Violation of Secure Design Principles | Class | Simple | Draft
CWE-1000 | Research Concepts | Draft | CWE-693 | Protection Mechanism Failure | Pillar | Simple | Draft
CWE-1000 | Research Concepts | Draft | CWE-259 | Use of Hard-coded Password | Variant | Simple | Draft
CWE-1000 | Research Concepts | Draft | CWE-321 | Use of Hard-coded Cryptographic Key | Variant | Simple | Draft
CWE-1000 | Research Concepts | Draft | CWE-472 | External Control of Assumed-Immutable Web Parameter | Base | Simple | Draft
