CWE-455

Non-exit on Failed Initialization

Base
Draft

Description

The product does not exit or otherwise modify its operation when security-relevant errors occur during initialization, such as when a configuration file has a format error or a hardware security module (HSM) cannot be activated, which can cause the product to execute in a less secure fashion than intended by the administrator.

Common Consequences

Scope: Integrity, Other

Impact: Modify Application Data, Alter Execution Logic

Potential Mitigations

Implementation

Follow the principle of failing securely when an error occurs. The system should enter a state where it is not vulnerable and will not display sensitive error messages to a potential attacker.

CVE-2005-1345

Product does not trigger a fatal error if missing or invalid ACLs are in a configuration file.
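The mitigation above applied to the ACL case reported for CVE-2005-1345, as an added example that is not part of the CWE entry or any product's code. The JSON deny-list format and all function names are assumptions made for illustration; the sample configurations are constructed.

```python
import json
import sys

class InitError(Exception):
    """Security-relevant initialization failure; the service must not start."""

def parse_acls(text):
    """Strictly validate a constructed ACL format: {"deny": [{"user": ..., "prefix": ...}]}."""
    doc = json.loads(text)  # json.JSONDecodeError is a subclass of ValueError
    if not isinstance(doc, dict) or not isinstance(doc.get("deny"), list) or not doc["deny"]:
        raise ValueError("'deny' ACL list is missing or empty")
    for rule in doc["deny"]:
        if (not isinstance(rule, dict) or set(rule) != {"user", "prefix"}
                or not all(isinstance(v, str) and v for v in rule.values())):
            raise ValueError(f"malformed ACL rule: {rule!r}")
    return doc["deny"]

def init_weak(text):
    """CWE-455 pattern: the error is swallowed and the service runs with no ACLs."""
    try:
        return parse_acls(text)
    except ValueError:
        return []  # nothing is denied from here on

def init_strict(text):
    """Fail securely: any ACL problem aborts initialization."""
    try:
        return parse_acls(text)
    except ValueError as exc:
        raise InitError("ACL configuration rejected") from exc

def is_denied(acls, user, path):
    """True when a deny rule for this user covers the requested path."""
    return any(r["user"] == user and path.startswith(r["prefix"]) for r in acls)

# Constructed sample configs: one valid, one with a key typo ("prefx").
GOOD = '{"deny": [{"user": "guest", "prefix": "/admin"}]}'
BAD = '{"deny": [{"user": "guest", "prefx": "/admin"}]}'

if __name__ == "__main__":
    # Weak path: the typo silently removes the administrator's restriction.
    print("weak init, guest denied /admin:", is_denied(init_weak(BAD), "guest", "/admin"))
    try:
        init_strict(BAD)
    except InitError:
        # Generic message only; parser detail stays out of user-visible output.
        print("fatal: initialization failed, refusing to start", file=sys.stderr)
        sys.exit(1)
```

Run stand-alone, the script exits with status 1 on the malformed configuration, which is the intended fail-secure outcome.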

Applicable Platforms

Not Language-Specific
