The product encounters an error but does not provide a status code or return value to indicate that an error has occurred.
Threat Mapped score: 0.0
Industry: Financial
Threat priority: Unclassified
CVE: [REF-1374]
Chain: JavaScript-based cryptocurrency library can fall back to the insecure Math.random() function instead of reporting a failure (CWE-392), thus reducing the entropy (CWE-332) and leading to generation of non-unique cryptographic keys for Bitcoin wallets (CWE-1391)
CVE: CVE-2004-0063
Function returns "OK" even if another function returns a different status code than expected, leading to accepting an invalid PIN number.
CVE: CVE-2002-1446
Error checking routine in PKCS#11 library returns "OK" status even when invalid signature is detected, allowing spoofed messages.
CVE: CVE-2002-0499
Kernel function truncates long pathnames without generating an error, leading to operation on wrong directory.
CVE: CVE-2005-2459
Function returns non-error value when a particular erroneous condition is encountered, leading to resultant NULL dereference.
Phase | Note |
---|---|
Implementation | N/A |
Intro: In the following snippet from a doPost() servlet method, the server returns "200 OK" (default) even if an error occurs.

```java
try {
    // Something that may throw an exception.
    ...
} catch (Throwable t) {
    logger.error("Caught: " + t.toString());
    return;
}
```
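For contrast, a version of the same handler that reports the failure to the caller. This is an added example, not code from the original entry; the class name `ReportingServlet`, the `process()` helper, the `amount` parameter and the use of `java.util.logging` with the `javax.servlet` API are assumptions made for illustration.

```java
import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet, constructed for this example.
public class ReportingServlet extends HttpServlet {
    private static final Logger logger =
            Logger.getLogger(ReportingServlet.class.getName());

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        try {
            process(request); // Something that may throw an exception.
            response.setStatus(HttpServletResponse.SC_OK);
        } catch (IllegalArgumentException e) {
            // Caller error: report it as 4xx instead of the default 200.
            logger.log(Level.WARNING, "Rejected request", e);
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid request");
        } catch (Exception e) {
            // Server-side failure: log the detail, return a generic 500.
            logger.log(Level.SEVERE, "Caught while handling POST", e);
            if (!response.isCommitted()) {
                // sendError() throws IllegalStateException once the
                // response has been committed, so check first.
                response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
                        "Request could not be processed");
            }
        }
    }

    // Hypothetical request handling; validates one constructed parameter.
    private void process(HttpServletRequest request) {
        String amount = request.getParameter("amount");
        if (amount == null || !amount.matches("\\d{1,9}")) {
            throw new IllegalArgumentException("amount must be 1 to 9 digits");
        }
        // Business logic would run here and may throw on failure.
    }
}
```

The exception detail stays in the server log; the client receives only the status code and a generic message, so the error is reported without exposing internals.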