CWE-637: Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')
Overview
CWE-637 (Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.
Security impact
Security impact: Depends on product and context; use CVE records, severity scores, and MITRE guidance to prioritize.
Description
The product uses a more complex mechanism than necessary, which could lead to resultant weaknesses when the mechanism is not correctly understood, modeled, configured, implemented, or used.
Applicable platforms
Kind
Name
Class
Prevalence
OS / CPE
language
—
Not Language-Specific
Undetermined
—
Related CVEs in this database
These CVEs are mapped to this weakness in this database and kept for traceability and search.
Szafir SDK returns a success status code from the cryptographic digital signature verification process (i.e. /VerifyingTaskItem/Signature/VerificationResult/Result/@code == 0, "Positively verified") e…
Previous names
Design Principle Violation: Not Using Economy of Mechanism(2009-01-12)