1. Home
  2. CWE Database
  3. CWE-408
Base · Medium

CWE-408: Incorrect Behavior Order: Early Amplification

The product allows an entity to perform a legitimate but expensive operation before authentication or authorization has taken place.

CWE-408 · Base Level ·1 CVEs

Description

The product allows an entity to perform a legitimate but expensive operation before authentication or authorization has taken place.

Potential Impact

Availability

DoS: Amplification, DoS: Crash, Exit, or Restart, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory)

Demonstrative Examples

This function prints the contents of a specified file requested by a user.
Bad
function printFile($username,$filename){
                        
                           
                           //read file into string
                           $file = file_get_contents($filename);if ($file && isOwnerOf($username,$filename)){echo $file;return true;}else{echo 'You are not authorized to view this file';}return false;
                     }
This code first reads a specified file into memory, then prints the file if the user is authorized to see its contents. The read of the file into memory may be resource intensive and is unnecessary if the user is not allowed to see the file anyway.

Real-World CVE Examples

CVE IDDescription
CVE-2004-2458Tool creates directories before authenticating user.

CWE-405: Asymmetric Resource Consumption (Amplification)

The product does not properly control situations in which an adversary can cause the product to consume or produce exces...

CWE-696: Incorrect Behavior Order

The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways that may pro...

Taxonomy Mappings

  • PLOVER: — Early Amplification

Frequently Asked Questions

What is CWE-408?

CWE-408 (Incorrect Behavior Order: Early Amplification) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The product allows an entity to perform a legitimate but expensive operation before authentication or authorization has taken place.

How can CWE-408 be exploited?

Attackers can exploit CWE-408 (Incorrect Behavior Order: Early Amplification) to dos: amplification, dos: crash, exit, or restart, dos: resource consumption (cpu), dos: resource consumption (memory). This weakness is typically introduced during the Architecture and Design, Implementation phase of software development.

How do I prevent CWE-408?

Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.

What is the severity of CWE-408?

CWE-408 is classified as a Base-level weakness (Medium abstraction). It has been observed in 1 real-world CVEs.