CWE-58: Path Equivalence: Windows 8.3 Filename
The product contains a protection mechanism that restricts access to a long filename on a Windows operating system, but it does not properly restrict access to the equivalent short "8.3" filename.
Last updated
Overview
CWE-58 (Path Equivalence: Windows 8.3 Filename) is a variant-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Background
On later Windows operating systems, a file can have a "long name" and a short name that is compatible with older Windows file systems, with up to 8 characters in the filename and 3 characters for the extension. These "8.3" filenames, therefore, act as an alternate name for files with long names, so they are useful pathname equivalence manipulations.
Common consequences
What can happen when CWE-58 is exploited.
Read Files or Directories, Modify Files or Directories
Affects: Confidentiality, Integrity
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
Applies to
Operating systems
How to prevent it
Practical mitigations for CWE-58, grouped by where in the lifecycle they apply.