CWE-187

Overview

CWE ID
187

CWE Name
Partial String Comparison

CWE Abstraction
Variant

CWE structure
Simple

CWE Status
Incomplete

Description

The software performs a comparison that only examines a portion of a factor before determining whether there is a match, such as a substring, leading to resultant weaknesses.

Extended Description

For example, an attacker might succeed in authentication by providing a small password that matches the associated portion of the larger, correct password.

Related CWEs

CWE ID	View ID	Nature	Ordinal
1023	1000	ChildOf	Primary

Related CVEs

CVE
CVE-2022-31802
CVE-2024-39743
CVE-2024-39742
CVE-2024-41110