CWE-58: Path Equivalence: Windows 8.3 Filename

VariantIncomplete

The product contains a protection mechanism that restricts access to a long filename on a Windows operating system, but it does not properly restrict access to the equivalent short "8.3" filename.

View on MITRE

Back to CWE Lookup

Extended Description

On later Windows operating systems, a file can have a "long name" and a short name that is compatible with older Windows file systems, with up to 8 characters in the filename and 3 characters for the extension. These "8.3" filenames, therefore, act as an alternate name for files with long names, so they are useful pathname equivalence manipulations.

Technical Details

Structure: Simple

Applicable To

Languages

Not Language-Specific

Platforms

Windows

Learn More

Find Related CVEs

Search for vulnerabilities that exploit CWE-58

CVE vs CWE: What's the Difference?

Understanding vulnerabilities vs weaknesses

Understanding CVSS Scoring

How vulnerability severity is measured

View Full MITRE Entry

Complete technical details and references