1. Home
  2. CWE Database
  3. CWE-358
Base · Medium

CWE-358: Improperly Implemented Security Check for Standard

The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

CWE-358 · Base Level ·8 CVEs

Description

The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

Potential Impact

Access Control

Bypass Protection Mechanism

Real-World CVE Examples

CVE IDDescription
CVE-2002-0862Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates.
CVE-2002-0970Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates.
CVE-2002-1407Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates.
CVE-2005-0198Logic error prevents some required conditions from being enforced during Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5).
CVE-2004-2163Shared secret not verified in a RADIUS response packet, allowing authentication bypass by spoofing server replies.
CVE-2005-2181Insufficient verification in VoIP implementation, in violation of standard, allows spoofed messages.
CVE-2005-2182Insufficient verification in VoIP implementation, in violation of standard, allows spoofed messages.
CVE-2005-2298Security check not applied to all components, allowing bypass.

CWE-573: Improper Following of Specification by Caller

The product does not follow or incorrectly follows the specifications as required by the implementation language, enviro...

CWE-693: Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed at...

CWE-345: Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid d...

CWE-290: Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing at...

Taxonomy Mappings

  • PLOVER: — Improperly Implemented Security Check for Standard

Frequently Asked Questions

What is CWE-358?

CWE-358 (Improperly Implemented Security Check for Standard) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

How can CWE-358 be exploited?

Attackers can exploit CWE-358 (Improperly Implemented Security Check for Standard) to bypass protection mechanism. This weakness is typically introduced during the Architecture and Design, Implementation phase of software development.

How do I prevent CWE-358?

Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.

What is the severity of CWE-358?

CWE-358 is classified as a Base-level weakness (Medium abstraction). It has been observed in 8 real-world CVEs.