CWE-392

Missing Report of Error Condition

Abstraction: Base
Status: Draft

Description

The product encounters an error but does not provide a status code or return value to indicate that an error has occurred.

Common Consequences

Scope: Integrity, Other

Impact: Varies by Context, Unexpected State

Observed Examples

CVE-2024-52316

Web-based product can throw an exception during authentication but does not report the failure in the HTTP status code, allowing authentication bypass.

[REF-1374]

Chain: JavaScript-based cryptocurrency library can fall back to the insecure Math.random() function instead of reporting a failure (CWE-392), thus reducing the entropy (CWE-332) and leading to generation of non-unique cryptographic keys for Bitcoin wallets (CWE-1391)

CVE-2004-0063

Function returns "OK" even if another function returns a different status code than expected, leading to accepting an invalid PIN number.

CVE-2002-1446

Error checking routine in PKCS#11 library returns "OK" status even when invalid signature is detected, allowing spoofed messages.

CVE-2002-0499

Kernel function truncates long pathnames without generating an error, leading to operation on wrong directory.

CVE-2005-2459

Function returns non-error value when a particular erroneous condition is encountered, leading to resultant NULL dereference.
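
The Math.random() fallback described in the [REF-1374] entry above, as an added example (not code from that library or from the CWE entry); the function names and the RngUnavailableError type are hypothetical. It sets the silent fallback beside a version that reports the failure so the caller can stop.

```javascript
// Hypothetical error type used to report "no secure random source".
class RngUnavailableError extends Error {}

// Weak pattern (CWE-392): with no CSPRNG available, quietly fall back to
// Math.random(). The caller receives bytes and no indication of failure.
function insecureRandomBytes(n, cryptoImpl) {
  const out = new Uint8Array(n);
  if (cryptoImpl && typeof cryptoImpl.getRandomValues === 'function') {
    cryptoImpl.getRandomValues(out);
    return out;
  }
  for (let i = 0; i < n; i++) out[i] = Math.floor(Math.random() * 256);
  return out; // looks like success, but the bytes are not key-grade
}

// Corrected pattern: the missing CSPRNG is an error and is reported as one.
function strictRandomBytes(n, cryptoImpl) {
  if (!cryptoImpl || typeof cryptoImpl.getRandomValues !== 'function') {
    throw new RngUnavailableError('no CSPRNG available; refusing to generate key material');
  }
  const out = new Uint8Array(n);
  cryptoImpl.getRandomValues(out);
  return out;
}

// Caller that can only react to a failure it is told about.
function tryGenerateKey(generator, cryptoImpl) {
  try {
    const key = generator(32, cryptoImpl);
    return { ok: true, keyLength: key.length };
  } catch (err) {
    if (err instanceof RngUnavailableError) return { ok: false, reason: err.message };
    throw err; // unrelated errors are not swallowed either
  }
}

// Constructed scenario: `undefined` stands in for an environment with no crypto object.
console.log(tryGenerateKey(insecureRandomBytes, undefined)); // ok: true, failure hidden
console.log(tryGenerateKey(strictRandomBytes, undefined));   // ok: false, failure reported
if (globalThis.crypto) {
  console.log(tryGenerateKey(strictRandomBytes, globalThis.crypto));
}
```
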

Applicable Platforms

Not Language-Specific
