CWE-656 11 个 CVE MITRE 定义 ↗

CWE-656:Reliance on Security Through Obscurity

概览

CWE-656(Reliance on Security Through Obscurity)描述一种在漏洞数据库与安全评估中使用的弱点类型;定义、背景与映射 CVE 见下方各节。

安全影响
安全影响:因产品与场景而异;请结合 CVE 记录、严重度评分与 MITRE 说明进行优先级判断。

描述

The product uses a protection mechanism whose strength depends heavily on its obscurity, such that knowledge of its algorithms or key data is sufficient to defeat the mechanism.

适用平台

类型 名称 普遍性 OS / CPE
language Not Language-Specific Undetermined
technology Not Technology-Specific Undetermined

本库相关 CVE

下列 CVE 在本库中映射到该弱点,并保留以便追溯与检索。

CVE 公开时间 摘要
CVE-2026-7161 2026-05-03 An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An atta…
CVE-2026-42363 2026-04-26 An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An atta…
CVE-2025-59093 2026-01-26 Exos 9300 instances are using a randomly generated database password to connect to the configured MSSQL server. The password is derived from static random values, which are concatenated to the hostnam…
CVE-2025-7020 2025-08-09 An incorrect encryption implementation vulnerability exists in the system log dump feature of BYD's DiLink 3.0 OS (e.g. in the model ATTO3). An attacker with physical access to the vehicle can bypass …
CVE-2025-25983 2025-04-18 An issue in Macro-video Technologies Co.,Ltd V380 Pro android application 2.1.44 and V380 Pro android application 2.1.64 allows an attacker to obtain sensitive information via the QE code based sharin…
CVE-2024-12297 2025-01-15 Moxa’s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process…
CVE-2024-9138 2025-01-03 Moxa’s cellular routers, secure routers, and network security appliances are affected by a high-severity vulnerability, CVE-2024-9138. This vulnerability involves hard-coded credentials, enabling an a…
CVE-2024-5244 2024-05-23 TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerability. This vulnerability allows network-adjacent attackers to access or spoof DDNS messages on affected installations of TP-Link Oma…
CVE-2020-10286 2020-07-15 the main user account has restricted privileges but is in the sudoers group and there is not any mechanism in place to prevent sudo su or sudo -i to be run gaining unrestricted access to sensible file…
CVE-2020-10284 2020-07-15 No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets the user to add a password to the robot but as in xarm_studio 1…
CVE-2020-10277 2020-06-24 There is no mechanism in place to prevent a bad operator to boot from a live OS image, this can lead to extraction of sensible files (such as the shadow file) or privilege escalation by manually addin…

曾用名

  • Design Principle Violation: Reliance on Security through Obscurity (2009-01-12)

内容提交

名称
Pascal Meunier
组织
Purdue University
日期
2008-01-18
版本
Draft 8

内容修订

日期 名称 版本 重要性 评论
2008-07-01 Eric Dalci 1.0 updated Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Common_Consequences, Description, Relationships, Other_Notes, Weakness_Ordinalities
2009-01-12 CWE Content Team 1.2 updated Description, Name
2010-04-05 CWE Content Team 1.8.1 updated Related_Attack_Patterns
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2012-05-11 CWE Content Team 2.2 updated Relationships
2012-10-30 CWE Content Team 2.3 updated Potential_Mitigations
2014-06-23 CWE Content Team 2.7 updated Other_Notes, Relationship_Notes
2014-07-30 CWE Content Team 2.8 updated Relationships
2017-11-08 CWE Content Team 3.0 updated Applicable_Platforms, Causal_Nature, Modes_of_Introduction, Relationships
2019-06-20 CWE Content Team 3.3 updated Related_Attack_Patterns
2020-02-24 CWE Content Team 4.0 updated Relationships, Time_of_Introduction
2021-03-15 CWE Content Team 4.4 updated Relationships
2021-10-28 CWE Content Team 4.6 updated Relationships
2022-10-13 CWE Content Team 4.9 updated Demonstrative_Examples, References
2023-01-31 CWE Content Team 4.10 updated Description
2023-04-27 CWE Content Team 4.11 updated Demonstrative_Examples, References, Relationships, Type
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2023-10-26 CWE Content Team 4.13 updated Demonstrative_Examples
2025-04-03 CWE Content Team 4.17 updated Mapping_Notes
2025-09-09 CWE Content Team 4.18 updated Demonstrative_Examples, References
2025-12-11 CWE Content Team 4.19 updated Applicable_Platforms, Relationships
cvelogic Threat Intelligence