The product violates well-established principles for secure design.
View on MITREThis can introduce resultant weaknesses or make it easier for developers to introduce related weaknesses during implementation. Because code is centered around design, it can be resource-intensive to fix design problems.
No mitigation information available for this CWE.
No detection method information available for this CWE.
Baseboard Management Controller (BMC) device implements Advanced High-performance Bus (AHB) bridges that do not require authentication for arbitrary read and write access to the BMC's physical address space from the host, and possibly the network [REF-1138].
View DetailsThe failure of connection attempts in a web browser resets DNS pin restrictions. An attacker can then bypass the same origin policy by rebinding a domain name to a different IP address. This was an attempt to "fail functional."
View DetailsServer does not properly validate client certificates when reusing cached connections.
View DetailsNo relationship information available for this CWE.
CWE-657: Violation of Secure Design Principles is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product violates well-established principles for secure design. This can introduce resultant weaknesses or make it easier for developers to introduce related weaknesses during implementation. Because code is centered around design, it can be resource-intensive to fix design problems.
If exploited, CWE-657 (Violation of Secure Design Principles) it can compromise Other, leading to outcomes such as Other.
MITRE documents real CVEs mapped to CWE-657, including CVE-2019-6260, CVE-2007-5277, CVE-2006-7142 and CVE-2007-0408. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.
A CWE (Common Weakness Enumeration) like CWE-657 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.