CWE-489: Active Debug Code (Leftover debug code)

CWE-489: Active Debug Code (Leftover debug code) | RadicalNotion.AI

Code examples

Illustrative examples from MITRE showing how the weakness appears in code.

Debug code can be used to bypass authentication. For example, suppose an application has a login script that receives a username and a password. Assume also that a third, optional, parameter, called "debug", is interpreted by the script as requesting a switch to debug mode, and that when this parameter is given the username and password are not checked. In such a case, it is very simple to bypass the authentication process if the special behavior of the application regarding the debug parameter is known. In a case where the form is:

Vulnerable example

xml

<FORM ACTION="/authenticate_login.cgi">

Example

plaintext

http://TARGET/authenticate_login.cgi?username=...&password=...

Attack input

plaintext

http://TARGET/authenticate_login.cgi?username=&password=&debug=1

CWE-489: Active Debug Code

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Automated Static Analysis

Code examples

Illustrative examples

Terminology & mappings

Alternate terms

Mapped taxonomies

Attack patterns

Frequently asked questions

What is CWE-489?

What CVEs are caused by CWE-489?

Is CWE-489 part of the OWASP Top 10?

How do you prevent CWE-489?

How is CWE-489 detected?

What are the consequences of CWE-489?

Is CWE-489 actively exploited?

References

Stay ahead of CWE-489

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Automated Static Analysis

Code examples

Illustrative examples

Related weaknesses

Parent

Child

Can precede

Terminology & mappings

Alternate terms

Mapped taxonomies

Attack patterns

Frequently asked questions

What is CWE-489?

What CVEs are caused by CWE-489?

Is CWE-489 part of the OWASP Top 10?

How do you prevent CWE-489?

How is CWE-489 detected?

What are the consequences of CWE-489?

Is CWE-489 actively exploited?

References

Stay ahead of CWE-489