CWE-628: Function Call with Incorrectly Specified Arguments

CWE-628: Function Call with Incorrectly Specified Arguments | RadicalNotion.AI

Code examples

Illustrative examples from MITRE showing how the weakness appears in code.

The following PHP method authenticates a user given a username/password combination but is called with the parameters in reverse order.

Vulnerable example

php

function authenticate($username, $password) {

This Perl code intends to record whether a user authenticated successfully or not, and to exit if the user fails to authenticate. However, when it calls ReportAuth(), the third argument is specified as 0 instead of 1, so it does not exit.

Vulnerable example

perl

sub ReportAuth {

In the following Java snippet, the accessGranted() method is accidentally called with the static ADMIN_ROLES array rather than the user roles.

Vulnerable example

java

private static final String[] ADMIN_ROLES = ...;

CWE-628: Function Call with Incorrectly Specified Arguments

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

How to detect it

Other

Code examples

Illustrative examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-628?

What CVEs are caused by CWE-628?

How do you prevent CWE-628?

How is CWE-628 detected?

What are the consequences of CWE-628?

Is CWE-628 actively exploited?

References

Stay ahead of CWE-628

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

How to detect it

Other

Code examples

Illustrative examples

Related weaknesses

Parent

Child

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-628?

What CVEs are caused by CWE-628?

How do you prevent CWE-628?

How is CWE-628 detected?

What are the consequences of CWE-628?

Is CWE-628 actively exploited?

References

Stay ahead of CWE-628