CWE-58: Path Equivalence: Windows 8.3 Filename

Variant / Incomplete

The product contains a protection mechanism that restricts access to a long filename on a Windows operating system, but it does not properly restrict access to the equivalent short "8.3" filename.

Extended Description

On later Windows operating systems, a file can have a "long name" and a short name that is compatible with older Windows file systems, with up to 8 characters in the filename and 3 characters for the extension. These "8.3" filenames therefore act as an alternate name for files with long names, which makes them useful for pathname equivalence manipulations.
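The following added example (not part of the CWE entry) puts a name check that only looks at the long filename beside a hardened form that expands short names first and then fails closed on anything still shaped like an 8.3 alias. The denylist, function names and sample paths are assumptions made for illustration, and `SECRET~1.TXT` is a constructed alias.

```python
import ntpath
import os
import re

# Hypothetical policy: long filenames the application must never serve.
PROTECTED = {"secret-config.txt"}

# Auto-generated 8.3 aliases look like up to 6 characters, "~", a number,
# then an optional extension of up to 3 characters (e.g. SECRET~1.TXT).
SHORT_ALIAS = re.compile(r"^[^.~\\/]{1,6}~[0-9]+(\.[^.\\/]{0,3})?$")


def naive_is_allowed(path: str) -> bool:
    """Weak check: compares only the name exactly as the caller supplied it."""
    return ntpath.basename(path).lower() not in PROTECTED


def to_long_path(path: str) -> str:
    """Expand 8.3 components to long names on Windows; no-op elsewhere."""
    if os.name != "nt":
        return path
    import ctypes
    buf = ctypes.create_unicode_buffer(32768)
    n = ctypes.windll.kernel32.GetLongPathNameW(path, buf, len(buf))
    return buf.value if n else path  # n == 0: the path could not be resolved


def hardened_is_allowed(path: str) -> bool:
    """Canonicalize first, then refuse anything still shaped like an alias."""
    path = to_long_path(path)
    parts = [p for p in re.split(r"[\\/]", path) if p]
    if any(SHORT_ALIAS.match(p) for p in parts):
        return False  # fail closed: an unresolved alias may hide a protected name
    return ntpath.basename(path).lower() not in PROTECTED


# Constructed sample requests; SECRET~1.TXT is the assumed alias of
# secret-config.txt on a volume with 8.3 name creation enabled.
SAMPLES = [
    r"C:\app\data\report.txt",
    r"C:\app\data\secret-config.txt",
    r"C:\app\data\SECRET~1.TXT",
    r"C:\PROGRA~1\app\report.txt",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s}: naive={naive_is_allowed(s)} hardened={hardened_is_allowed(s)}")
```

The alias pattern is a heuristic, so a legitimate long name that happens to contain `~1` is also refused; that is the intended fail-closed trade-off.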

Technical Details

Structure: Simple

Applicable To

Languages: Not Language-Specific
Platforms: Windows

Frequently Asked Questions

What is CWE-58: Path Equivalence: Windows 8.3 Filename?

CWE-58: Path Equivalence: Windows 8.3 Filename is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product contains a protection mechanism that restricts access to a long filename on a Windows operating system, but it does not properly restrict access to the equivalent short "8.3" filename. On later Windows operating systems, a file can have a "long name" and a short name that is compatible with older Windows file systems, with up to 8 characters in the filename and 3 characters for the extension. These "8.3" filenames therefore act as an alternate name for files with long names, which makes them useful for pathname equivalence manipulations.

What are the security consequences of Path Equivalence: Windows 8.3 Filename?

If exploited, CWE-58 (Path Equivalence: Windows 8.3 Filename) can compromise Confidentiality and Integrity, leading to outcomes such as Read Files or Directories and Modify Files or Directories.

How do you prevent or mitigate Path Equivalence: Windows 8.3 Filename?

The recommended mitigation for CWE-58 is to disable Windows support for 8.3 filenames by editing the Windows registry. Preventing the creation of 8.3 filenames will not remove previously generated 8.3 filenames.

Which programming languages are affected by Path Equivalence: Windows 8.3 Filename?

CWE-58 is not language-specific. Weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.

What are real-world examples of Path Equivalence: Windows 8.3 Filename?

MITRE documents real CVEs mapped to CWE-58, including CVE-1999-0012, CVE-2001-0795 and CVE-2005-0471. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.

What is the difference between a CWE and a CVE?

A CWE (Common Weakness Enumeration) like CWE-58 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.