CWE-405: Asymmetric Resource Consumption (Amplification)

ClassIncomplete

The product does not properly control situations in which an adversary can cause the product to consume or produce excessive resources without requiring the adversary to invest equivalent work or otherwise prove authorization, i.e., the adversary's influence is "asymmetric."

View on MITRE

Back to CWE Lookup

Extended Description

This can lead to poor performance due to "amplification" of resource consumption, typically in a non-linear fashion. This situation is worsened if the product allows malicious users or attackers to consume more resources than their access level permits.

Technical Details

Structure: Simple

Applicable To

Languages

Not Language-Specific

Platforms

Not OS-Specific

Learn More

Find Related CVEs

Search for vulnerabilities that exploit CWE-405

CVE vs CWE: What's the Difference?

Understanding vulnerabilities vs weaknesses

Understanding CVSS Scoring

How vulnerability severity is measured

View Full MITRE Entry

Complete technical details and references