CWE-693 Protection Mechanism Failure – Detailed Weakness Analysis

Explore CAPEC attack patterns referencing this CWE.

What is CWE (Common Weakness Enumeration)?

The Common Weakness Enumeration (CWE) is a community-developed list of common software and hardware weaknesses. By identifying these weaknesses, developers and security practitioners can prioritize and address potential vulnerabilities early in the development cycle. Explore our comprehensive CWE list below to better understand and mitigate common security issues.

CAPEC Patterns referencing CWE-693

Below is a list of CAPEC attack patterns associated with this CWE-693. Click on each CAPEC to learn more. The right column shows the related weaknesses (including this one).

CAPEC Related Weaknesses
Accessing Functionality Not Properly Constrained by ACLs
CWE-276 Incorrect Default Permissions
CWE-285 Improper Authorization
CWE-434 Unrestricted Upload of File with Dangerous Type
CWE-693 Protection Mechanism Failure
CWE-732 Incorrect Permission Assignment for Critical Resource
CWE-1191 On-Chip Debug and Test Interface With Improper Access Control
CWE-1193 Power-On of Untrusted Execution Core Before Enabling Fabric Access Control
CWE-1220 Insufficient Granularity of Access Control
CWE-1297 Unprotected Confidential Information on Device is Accessible by OSAT Vendors
CWE-1311 Improper Translation of Security Attributes by Fabric Bridge
CWE-1314 Missing Write Protection for Parametric Data Values
CWE-1315 Improper Setting of Bus Controlling Capability in Fabric End-point
CWE-1318 Missing Support for Security Features in On-chip Fabrics or Buses
CWE-1320 Improper Protection for Outbound Error Messages and Alert Signals
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-1327 Binding to an Unrestricted IP Address
Cross Site Tracing
CWE-648 Incorrect Use of Privileged APIs
CWE-693 Protection Mechanism Failure
Directory Indexing
CWE-276 Incorrect Default Permissions
CWE-285 Improper Authorization
CWE-288 Authentication Bypass Using an Alternate Path or Channel
CWE-424 Improper Protection of Alternate Path
CWE-425 Direct Request ('Forced Browsing')
CWE-693 Protection Mechanism Failure
CWE-732 Incorrect Permission Assignment for Critical Resource
Using Malicious Files
CWE-59 Improper Link Resolution Before File Access ('Link Following')
CWE-270 Privilege Context Switching Error
CWE-272 Least Privilege Violation
CWE-282 Improper Ownership Management
CWE-285 Improper Authorization
CWE-693 Protection Mechanism Failure
CWE-732 Incorrect Permission Assignment for Critical Resource
Encryption Brute Forcing
CWE-326 Inadequate Encryption Strength
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
CWE-693 Protection Mechanism Failure
CWE-1204 Generation of Weak Initialization Vector (IV)
Exploiting Trust in Client
CWE-20 Improper Input Validation
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-287 Improper Authentication
CWE-290 Authentication Bypass by Spoofing
CWE-693 Protection Mechanism Failure
Escaping a Sandbox by Calling Code in Another Language
CWE-693 Protection Mechanism Failure
Using Unpublished Interfaces or Functionality
CWE-306 Missing Authentication for Critical Function
CWE-693 Protection Mechanism Failure
CWE-695 Use of Low-Level Functionality
CWE-1242 Inclusion of Undocumented Features or Chicken Bits
Signature Spoofing by Mixing Signed and Unsigned Content
CWE-311 Missing Encryption of Sensitive Data
CWE-319 Cleartext Transmission of Sensitive Information
CWE-693 Protection Mechanism Failure
Escaping Virtualization
CWE-693 Protection Mechanism Failure
Poison Web Service Registry
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-285 Improper Authorization
CWE-693 Protection Mechanism Failure
Utilizing REST's Trust in the System Resource to Obtain Sensitive Data
CWE-287 Improper Authentication
CWE-300 Channel Accessible by Non-Endpoint
CWE-693 Protection Mechanism Failure
Session Credential Falsification through Prediction
CWE-6 J2EE Misconfiguration: Insufficient Session-ID Length
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-285 Improper Authorization
CWE-290 Authentication Bypass by Spoofing
CWE-330 Use of Insufficiently Random Values
CWE-331 Insufficient Entropy
CWE-346 Origin Validation Error
CWE-384 Session Fixation
CWE-488 Exposure of Data Element to Wrong Session
CWE-539 Use of Persistent Cookies Containing Sensitive Information
CWE-693 Protection Mechanism Failure
Sniff Application Code
CWE-311 Missing Encryption of Sensitive Data
CWE-318 Cleartext Storage of Sensitive Information in Executable
CWE-319 Cleartext Transmission of Sensitive Information
CWE-693 Protection Mechanism Failure
Key Negotiation of Bluetooth Attack (KNOB)
CWE-285 Improper Authorization
CWE-425 Direct Request ('Forced Browsing')
CWE-693 Protection Mechanism Failure
Manipulating State
CWE-315 Cleartext Storage of Sensitive Information in a Cookie
CWE-353 Missing Support for Integrity Check
CWE-372 Incomplete Internal State Distinction
CWE-693 Protection Mechanism Failure
CWE-1245 Improper Finite State Machines (FSMs) in Hardware Logic
CWE-1253 Incorrect Selection of Fuse Values
CWE-1265 Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls
CWE-1271 Uninitialized Value on Reset for Registers Holding Security Settings
Forceful Browsing
CWE-285 Improper Authorization
CWE-425 Direct Request ('Forced Browsing')
CWE-693 Protection Mechanism Failure

About CWE-693: Protection Mechanism Failure

CWE-693 is one of the established Common Weakness Enumerations that identifies a specific type of vulnerability in software. Detailed analysis of CWE-693 helps organizations understand the risks associated with this weakness and implement effective countermeasures.

Explore related attack patterns, best practices, and expert recommendations on this page. By understanding CWE-693, you can enhance your security posture and better protect your applications against exploitation.