Category: SFP Secondary Cluster: Covert Channel
Incomplete
Summary
This category identifies Software Fault Patterns (SFPs) within the Covert Channel cluster.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-385 | Covert Timing Channel | A covert timing channel is a security flaw where an attacker can deduce secret information by observing how long certain operations take to execute. Instead of directly reading data, they analyze timing variations in system behavior to infer protected details. |
| CWE-514 | Covert Channel | A covert channel is a hidden communication path that allows data to be transmitted in a way that bypasses the system's intended security controls and monitoring. |
| CWE-515 | Covert Storage Channel | A covert storage channel is a type of security flaw where one process secretly encodes data into a shared system resource (like a file, memory bit, or status flag), and another unauthorized process later reads that resource to extract the hidden information. |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs). |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.