The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.
View on MITRENo mitigation information available for this CWE.
No detection method information available for this CWE.
Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates.
View DetailsBrowser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates.
View DetailsBrowser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates.
View DetailsLogic error prevents some required conditions from being enforced during Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5).
View DetailsShared secret not verified in a RADIUS response packet, allowing authentication bypass by spoofing server replies.
View DetailsInsufficient verification in VoIP implementation, in violation of standard, allows spoofed messages.
View DetailsInsufficient verification in VoIP implementation, in violation of standard, allows spoofed messages.
View DetailsNo relationship information available for this CWE.
CWE-358: Improperly Implemented Security Check for Standard is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.
If exploited, CWE-358 (Improperly Implemented Security Check for Standard) it can compromise Access Control, leading to outcomes such as Bypass Protection Mechanism.
CWE-358 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
MITRE documents real CVEs mapped to CWE-358, including CVE-2002-0862, CVE-2002-0970, CVE-2002-1407, CVE-2005-0198 and CVE-2004-2163. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.
A CWE (Common Weakness Enumeration) like CWE-358 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.