CWE-455: Non-exit on Failed Initialization
The product does not exit or otherwise modify its operation when security-relevant errors occur during initialization, such as when a configuration file has a format error or a hardware security module (HSM) cannot be activated, which can cause the product to execute in a less secure fashion than intended by the administrator.
Last updated
Overview
CWE-455 (Non-exit on Failed Initialization) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Real-world CVEs
1 recorded CVEs are caused by CWE-455 (Non-exit on Failed Initialization). The highest-severity and most recent are shown first.
Common consequences
What can happen when CWE-455 is exploited.
Modify Application Data, Alter Execution Logic
Affects: Integrity, Other
The application could be placed in an insecure state that may allow an attacker to modify sensitive data or allow unintended logic to be executed.
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
How to prevent it
Practical mitigations for CWE-455, grouped by where in the lifecycle they apply.
Follow the principle of failing securely when an error occurs. The system should enter a state where it is not vulnerable and will not display sensitive error messages to a potential attacker.
Code examples
Illustrative examples from MITRE showing how the weakness appears in code.
The following code intends to limit certain operations to the administrator only.
Vulnerable example
# do stuff
$username = GetCurrentUser();If the application is unable to extract the state information - say, due to a database timeout - then the $uid variable will not be explicitly set by the programmer. This will cause $uid to be regarded as equivalent to "0" in the conditional, allowing the original user to perform administrator actions. Even if the attacker cannot directly influence the state data, unexpected errors could cause incorrect privileges to be assigned to a user just by accident.
Illustrative examples
Real CVEs that MITRE cites as examples of this weakness.
- CVE-2005-1345 — Product does not trigger a fatal error if missing or invalid ACLs are in a configuration file.
Terminology & mappings
Mapped taxonomies
- PLOVER: Non-exit on Failed Initialization
Frequently asked questions
Common questions about CWE-455.
- What is CWE-455?
- The product does not exit or otherwise modify its operation when security-relevant errors occur during initialization, such as when a configuration file has a format error or a hardware security module (HSM) cannot be activated, which can cause the product to execute in a less secure fashion than intended by the administrator.
- What CVEs are caused by CWE-455?
- 1 recorded CVEs are attributed to CWE-455, including CVE-2022-4662.
- How do you prevent CWE-455?
- Follow the principle of failing securely when an error occurs. The system should enter a state where it is not vulnerable and will not display sensitive error messages to a potential attacker.
- What are the consequences of CWE-455?
- Exploiting CWE-455 can lead to: Modify Application Data, Alter Execution Logic.
- Is CWE-455 actively exploited?
- 1 recorded CVEs are caused by CWE-455; none are currently in CISA's KEV catalog of actively exploited flaws.
References
- MITRE CWE definition (CWE-455) (opens in a new tab)
- CWE-455 vulnerabilities on NVD (opens in a new tab)
- Learn: What is a CWE?
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Stay ahead of CWE-455
Get alerted the moment a new CWE-455 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.