CWE-455: Non-exit on Failed Initialization
The product does not exit or otherwise modify its operation when security-relevant errors occur during initialization, such as when a configuration file has a format error or a hardware security module (HSM) cannot be activated, which can cause the product to execute in a less secure fashion than intended by the administrator.
Last updated
Overview
CWE-455 (Non-exit on Failed Initialization) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Real-world CVEs
1 recorded CVEs are caused by CWE-455 (Non-exit on Failed Initialization). The highest-severity and most recent are shown first.
Common consequences
What can happen when CWE-455 is exploited.
Modify Application Data, Alter Execution Logic
Affects: Integrity, Other
The application could be placed in an insecure state that may allow an attacker to modify sensitive data or allow unintended logic to be executed.
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.