CWE-656: Reliance on Security Through Obscurity
ID
CWE-656
Abstraction
Class
Structure
Simple
Status
Draft
Number of CVEs
4
The product uses a protection mechanism whose strength depends heavily on its obscurity, such that knowledge of its algorithms or key data is sufficient to defeat the mechanism.
This reliance on "security through obscurity" can produce resultant weaknesses if an attacker is able to reverse engineer the inner workings of the mechanism. Note that obscurity can be one small part of defense in depth, since it can create more work for an attacker; however, it is a significant risk if used as the primary means of protection.
Modes of Introduction
Phase | Note |
---|---|
Architecture and Design | |
Implementation | REALIZATION: This weakness is caused during implementation of an architectural security tactic. |
Applicable Platforms
Type | Class | Name | Prevalence |
---|---|---|---|
Language | Not Language-Specific |
Relationships
View | Weakness | |||||||
---|---|---|---|---|---|---|---|---|
# ID | View | Status | # ID | Name | Abstraction | Structure | Status | |
CWE-1000 | Research Concepts | Draft | CWE-657 | Violation of Secure Design Principles | Class | Simple | Draft | |
CWE-1000 | Research Concepts | Draft | CWE-693 | Protection Mechanism Failure | Pillar | Simple | Draft | |
CWE-1000 | Research Concepts | Draft | CWE-259 | Use of Hard-coded Password | Variant | Simple | Draft | |
CWE-1000 | Research Concepts | Draft | CWE-321 | Use of Hard-coded Cryptographic Key | Variant | Simple | Draft | |
CWE-1000 | Research Concepts | Draft | CWE-472 | External Control of Assumed-Immutable Web Parameter | Base | Simple | Draft |
CVEs Published
CVSS Severity
CVSS Severity - By Year
CVSS Base Score
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |
Loading...