CWE-223: Omission of Security-relevant Information
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The product does not record or display information that would be important for identifying the source or nature of an attack, or determining if an action is safe.
常见后果
影响范围: Non-Repudiation
技术影响: Hide Activities
说明: The source of an attack will be difficult or impossible to determine. This can allow attacks to the system to continue without notice.
观察示例
参考: CVE-1999-1029
Login attempts are not recorded if the user disconnects before the maximum number of tries.
参考: CVE-2002-1839
Sender's IP address not recorded in outgoing e-mail.
参考: CVE-2000-0542
Failed authentication attempts are not recorded if later attempt succeeds.
引入模式
| 阶段 | 说明 |
|---|---|
| Architecture and Design | OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase. |
| Implementation | - |
| Operation | - |
适用平台
编程语言
分类映射
| 分类名称 | 条目ID | 条目名称 | 映射适配度 |
|---|---|---|---|
| PLOVER | - | Omission of Security-relevant Information | - |