CWE-510

Trapdoor

Base

Incomplete

Description

A trapdoor is a hidden piece of code that responds to a special input, allowing its user access to resources without passing through the normal security enforcement mechanism.

Parent Weaknesses (ChildOf)

CWE-506: Embedded Malicious Code...

Common Consequences

Scope

Confidentiality

Integrity

Availability

Access Control

Impact

Execute Unauthorized Code or Commands, Bypass Protection Mechanism

Potential Mitigations

Installation

Always verify the integrity of the software that is being installed.

Testing

Identify and closely inspect the conditions for entering privileged areas of the code, especially those related to authentication, process invocation, and network communications.

Applicable Platforms

Not Language-Specific

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now