Categories

| CWE | Name | Description | Low | Medium | High | Critical | Total Vulns |
|---|---|---|---|---|---|---|---|
| CWE-342 | Predictable Exact Value from Previous Values | An exact value or random number can be precisely predicted by observing previous values. | 0 | 0 | 1 | 0 | 1 |
| CWE-334 | Small Space of Random Values | The number of possible random values is smaller than needed by the product, making it more susceptible to brute force attacks. | 0 | 1 | 0 | 0 | 1 |
| CWE-183 | Permissive Whitelist | The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are explicitly allowed by policy because the inputs are assumed to be safe, but the list is too permissive - that is, it allows an input that is unsafe, leading to resultant weaknesses. | 0 | 0 | 1 | 0 | 1 |
| CWE-507 | Trojan Horse | The software appears to contain benign or useful functionality, but it also contains code that is hidden from normal operation that violates the intended security policy of the user or the system administrator. | 0 | 0 | 1 | 0 | 1 |
| CWE-271 | Privilege Dropping / Lowering Errors | The software does not drop privileges before passing control of a resource to an actor that does not have those privileges. | 0 | 1 | 0 | 0 | 1 |
| CWE-1076 | Insufficient Adherence to Expected Conventions | The product's architecture, source code, design, documentation, or other artifact does not follow required conventions. | 0 | 1 | 0 | 0 | 1 |
| CWE-573 | Improper Following of Specification by Caller | The software does not follow or incorrectly follows the specifications as required by the implementation language, environment, framework, protocol, or platform. | 0 | 1 | 0 | 0 | 1 |
| CWE-64 | Windows Shortcut Following (.LNK) | The software, when opening a file or directory, does not sufficiently handle when the file is a Windows shortcut (.LNK) whose target is outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files. | 1 | 0 | 0 | 0 | 1 |
| CWE-527 | Exposure of CVS Repository to an Unauthorized Control Sphere | The product stores a CVS, git, or other repository in a directory, archive, or other resource that is stored, transferred, or otherwise made accessible to unauthorized actors. | 0 | 1 | 0 | 0 | 1 |
| CWE-302 | Authentication Bypass by Assumed-Immutable Data | The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker. | 0 | 1 | 0 | 0 | 1 |