Variant weakness

Incomplete

CWE-187: Partial String Comparison

The product performs a comparison that only examines a portion of a factor before determining whether there is a match, such as a substring, leading to resultant weaknesses.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Variant

Abstraction

MITRE classification

Overview

For example, an attacker might succeed in authentication by providing a small password that matches the associated portion of the larger, correct password.

CWE-187: Partial String Comparison

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

Code examples

Illustrative examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-187?

What CVEs are caused by CWE-187?

How do you prevent CWE-187?

What are the consequences of CWE-187?

Is CWE-187 actively exploited?

References

Stay ahead of CWE-187

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

Code examples

Illustrative examples

Related weaknesses

Parent

Peer

Related

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-187?

What CVEs are caused by CWE-187?

How do you prevent CWE-187?

What are the consequences of CWE-187?

Is CWE-187 actively exploited?

References

Stay ahead of CWE-187