SFP Secondary Cluster: Architecture

A category in the Common Weakness Enumeration published by The MITRE Corporation.


Summary

Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.

This category identifies Software Fault Patterns (SFPs) within the Architecture cluster.

Weaknesses

Client-Side Enforcement of Server-Side Security

The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.

Exposed Dangerous Method or Function

The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous meth...

Exposure of Private Personal Information to an Unauthorized Actor

The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the...

Lack of Administrator Control over Security

The product uses security features in a way that prevents the product's administrator from tailoring security settings to reflect the environment in which the product ...

Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

Reliance on a Single Factor in a Security Decision

A protection mechanism relies exclusively, or to a large extent, on the evaluation of a single condition or the integrity of a single object or entity in order to make...

Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking

The product uses obfuscation or encryption of inputs that should not be mutable by an external actor, but the product does not use integrity checks to detect if those ...

Reliance on Security Through Obscurity

The product uses a protection mechanism whose strength depends heavily on its obscurity, such that knowledge of its algorithms or key data is sufficient to defeat the ...

Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')

The product uses a more complex mechanism than necessary, which could lead to resultant weaknesses when the mechanism is not correctly understood, modeled, configured,...

Use of Less Trusted Source

The product has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resis...

Violation of Secure Design Principles

The product violates well-established principles for secure design.

Concepts

Software Fault Pattern (SFP) Clusters

CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs).


Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.