Violation of Secure Design Principles

Draft Class

Structure: Simple

Description

This weakness occurs when a system's architecture or design fails to follow fundamental security principles, creating a flawed foundation that can lead to multiple vulnerabilities.

Extended Description

A design that ignores secure principles, like least privilege or defense in depth, acts as a blueprint for insecurity. It often introduces specific security flaws directly and makes it easier for developers to accidentally create related bugs during coding, as they are building on an inherently weak structure. Fixing these foundational design problems is typically costly and complex because the insecure assumptions are woven throughout the entire codebase. Addressing them may require significant architectural changes, unlike patching a single coding error, which makes prevention through secure design reviews critical early in the development lifecycle.

Common Consequences 1

Scope: Other

Impact: Other

Demonstrative Examples 6

ID : DX-164

Switches may revert their functionality to that of hubs when the table used to map ARP information to the switch interface overflows, such as when under a spoofing attack. This results in traffic being broadcast to an eavesdropper, instead of being sent only on the relevant switch interface. To mitigate this type of problem, the developer could limit the number of ARP entries that can be recorded for a given switch interface, while other interfaces may keep functioning normally. Configuration options can be provided on the appropriate actions to be taken in case of a detected failure, but safe defaults should be used.

ID : DX-165

The IPSEC specification is complex, which resulted in bugs, partial implementations, and incompatibilities between vendors.

ID : DX-166

When executable library files are used on web servers, which is common in PHP applications, the developer might perform an access check in any user-facing executable, and omit the access check from the library file itself. By directly requesting the library file (Direct Request ('Forced Browsing')), an attacker can bypass this access check.

ID : DX-167

Single sign-on technology is intended to make it easier for users to access multiple resources or domains without having to authenticate each time. While this is highly convenient for the user and attempts to address problems with psychological acceptability, it also means that a compromise of a user's credentials can provide immediate access to all other resources or domains.

ID : DX-168

The design of TCP relies on the secrecy of Initial Sequence Numbers (ISNs), as originally covered in CVE-1999-0077 [REF-542]. If ISNs can be guessed (due to predictability, Use of Insufficiently Random Values) or sniffed (due to lack of encryption during transmission, Cleartext Storage of Sensitive Information), then an attacker can hijack or spoof connections. Many TCP implementations have had variations of this problem over the years, including CVE-2004-0641, CVE-2002-1463, CVE-2001-0751, CVE-2001-0328, CVE-2001-0288, CVE-2001-0163, CVE-2001-0162, CVE-2000-0916, and CVE-2000-0328.

ID : DX-169

The "SweynTooth" vulnerabilities in Bluetooth Low Energy (BLE) software development kits (SDK) were found to affect multiple Bluetooth System-on-Chip (SoC) manufacturers. These SoCs were used by many products such as medical devices, Smart Home devices, wearables, and other IoT devices. [REF-1314] [REF-1315]

Observed Examples 4

CVE-2019-6260Baseboard Management Controller (BMC) device implements Advanced High-performance Bus (AHB) bridges that do not require authentication for arbitrary read and write access to the BMC's physical address space from the host, and possibly the network [REF-1138].

CVE-2007-5277The failure of connection attempts in a web browser resets DNS pin restrictions. An attacker can then bypass the same origin policy by rebinding a domain name to a different IP address. This was an attempt to "fail functional."

CVE-2006-7142Hard-coded cryptographic key stored in executable program.

CVE-2007-0408Server does not properly validate client certificates when reusing cached connections.

References 6

The Protection of Information in Computer Systems

Jerome H. Saltzer and Michael D. Schroeder

Proceedings of the IEEE 63

09-1975

http://web.mit.edu/Saltzer/www/publications/protection/

ID: REF-196

Design Principles

Sean Barnum and Michael Gegick

19-09-2005

https://web.archive.org/web/20220126060046/https://www.cisa.gov/uscert/bsi/articles/knowledge/principles/design-principles(2023-04-07)

ID: REF-546

RFC: 793, TRANSMISSION CONTROL PROTOCOL

Jon Postel, Editor

Information Sciences Institute

09-1981

https://www.ietf.org/rfc/rfc793.txt(2023-04-07)

ID: REF-542

CVE-2019-6260: Gaining control of BMC from the host processor

Stewart Smith

2019

https://www.flamingspork.com/blog/2019/01/23/cve-2019-6260:-gaining-control-of-bmc-from-the-host-processor/(2025-07-29)

ID: REF-1138

ICS Alert (ICS-ALERT-20-063-01): SweynTooth Vulnerabilities

ICS-CERT

04-03-2020

https://www.cisa.gov/news-events/ics-alerts/ics-alert-20-063-01(2023-04-07)

ID: REF-1314

Unleashing Mayhem over Bluetooth Low Energy

Matheus E. Garbelini, Sudipta Chattopadhyay, Chundong Wang, Singapore University of Technology and Design

04-03-2020

https://asset-group.github.io/disclosures/sweyntooth/(2023-01-25)

ID: REF-1315

Modes of Introduction

Architecture and Design

Implementation

Operation

Related Weaknesses

ChildOf:

Improper Adherence to Coding Standards (CWE-710)

Taxonomy Mapping

ISA/IEC 62443
ISA/IEC 62443
ISA/IEC 62443

Notes

MaintenanceThe Taxonomy_Mappings to ISA/IEC 62443 were added in CWE 4.10, but they are still under review and might change in future CWE versions. These draft mappings were performed by members of the "Mapping CWE to 62443" subgroup of the CWE-CAPEC ICS/OT Special Interest Group (SIG), and their work is incomplete as of CWE 4.10. The mappings are included to facilitate discussion and review by the broader ICS/OT community, and they are likely to change in future CWE versions.