CWE-511: Logic/Time Bomb

Description

The product contains code that is designed to disrupt the legitimate operation of the product (or its environment) when a certain time passes, or when a certain logical condition is met.

Extended Description

When the time bomb or logic bomb is detonated, it may perform a denial of service such as crashing the system, deleting critical data, or degrading system response time. This bomb might be placed within either a replicating or non-replicating Trojan horse.

ThreatScore

Threat Mapped score: 1.9

Industry: Finiancial

Threat priority: P3 - Important (Medium)

Observed Examples (CVEs)

No observed examples available.

Related Attack Patterns (CAPEC)

N/A

Attack TTPs

N/A

Modes of Introduction

Phase	Note
Architecture and Design	N/A
Implementation	N/A

Common Consequences

Impact: Varies by Context, Alter Execution Logic — Notes:

Potential Mitigations

Installation: Always verify the integrity of the product that is being installed. (N/A)
Testing: Conduct a code coverage analysis using live testing, then closely inspect any code that is not covered. (N/A)

Applicable Platforms

None (Not Language-Specific, Undetermined)

Demonstrative Examples

Intro: Typical examples of triggers include system date or time mechanisms, random number generators, and counters that wait for an opportunity to launch their payload. When triggered, a time-bomb may deny service by crashing the system, deleting files, or degrading system response-time.

Notes

No notes available.

← Back to CWE list