Base weakness
Draft
CWE-222: Truncation of Security-relevant Information
The product truncates the display, recording, or processing of security-relevant information in a way that can obscure the source or nature of an attack.
Last updated
0
Recorded CVEs
With this primary weakness
0
KEVs
In the CISA KEV catalog
Not rated
Likelihood of exploit
Per MITRE
Base
Abstraction
MITRE classification
Overview
CWE-222 (Truncation of Security-relevant Information) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Common consequences
What can happen when CWE-222 is exploited.
Hide Activities
Affects: Non-Repudiation
The source of an attack will be difficult or impossible to determine. This can allow attacks to the system to continue without notice.
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
Implementation
Operation
Illustrative examples
Real CVEs that MITRE cites as examples of this weakness.
- CVE-2005-0585 — Web browser truncates long sub-domains or paths, facilitating phishing.
- CVE-2004-2032