Comprehensive Categorization: Protection Mechanism Failure
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Summary
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are related to protection mechanism failure.
Weaknesses
The product uses an automated mechanism such as machine learning to recognize complex data inputs (e.g. image or audio) as a particular concept or category, but it doe...
The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.
The product filters data in a way that causes it to be reduced or "collapsed" into an unsafe value that violates an expected security property.
The device is susceptible to electromagnetic fault injection attacks, causing device internal information to be compromised or security mechanisms to be bypassed.
A hardware device is missing or has inadequate protection features to prevent overheating.
The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other actio...
The logic level used to set a system to a secure state relies on a fuse being unblown. An attacker can set the system to an insecure state merely by blowing the fuse.
When a security-critical event occurs, the product either does not record the event or omits important details about the event when logging it.
The user interface provides a warning to a user regarding dangerous or sensitive operations, but the warning is not noticeable enough to warrant attention.
A missing immutable root of trust in the hardware results in the ability to bypass secure boot or execute untrusted or adversarial boot code.
Information stored in hardware may be recovered by an attacker with the capability to capture and analyze images of the integrated circuit using techniques such as sca...
On-chip fabrics or buses either do not support or are not configured to support privilege separation or other security features, such as access control.
The UI has multiple interpretations of user input but does not prompt the user when it selects the less secure interpretation.
The product records security-relevant information according to an alternate name of the affected entity, instead of the canonical name.
The product does not record or display information that would be important for identifying the source or nature of an attack, or determining if an action is safe.
The product released to market is released in pre-production or manufacturing configuration.
The product's user interface does not warn the user before undertaking an unsafe action on behalf of that user. This makes it easier for attackers to trick users into ...
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
The same public key is used for signing both debug and production code.
The product uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses ...
A protocol or its implementation supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mecha...
The security-sensitive hardware module contains semiconductor defects.
The product truncates the display, recording, or processing of security-relevant information in a way that can obscure the source or nature of an attack.
Concepts
This view organizes weaknesses around categories that are of interest to large-scale software assurance research to support the elimination of weaknesses using ta...