CWE-510: Trapdoor
CWE Version: 4.18
Last updated: 2025-09-09
Weakness Description
A trapdoor is a hidden piece of code that responds to a special input, allowing its user access to resources without passing through the normal security enforcement mechanism.
Common Consequences
Scope: Confidentiality, Integrity, Availability, Access Control
Technical Impact: Execute Unauthorized Code or Commands; Bypass Protection Mechanism
Potential Mitigations
Phase: Installation
Description: Always verify the integrity of the software that is being installed.
Phase: Testing
Description: Identify and closely inspect the conditions for entering privileged areas of the code, especially those related to authentication, process invocation, and network communications.
Detection Methods
Method: Automated Static Analysis - Binary or Bytecode
Effectiveness: SOAR Partial
Method: Manual Static Analysis - Binary or Bytecode
Effectiveness: SOAR Partial
Method: Dynamic Analysis with Manual Results Interpretation
Effectiveness: SOAR Partial
Method: Manual Static Analysis - Source Code
Effectiveness: High
Method: Automated Static Analysis - Source Code
Effectiveness: SOAR Partial
Method: Architecture or Design Review
Effectiveness: High
Modes of Introduction
| Phase | Note |
|---|---|
| Architecture and Design | - |
| Implementation | - |
| Operation | - |
Taxonomy Mappings
| Taxonomy Name | Node ID | Entry Name | Mapping Fit |
|---|---|---|---|
| Landwehr | - | Trapdoor | - |