DerScanner
Home / Vulnerability Database / C-sharp : Undocumented feature: security parameters modification
C#

C-sharp : Undocumented feature: security parameters modification

Classification

OWASP ASVS
Malicious Code
CWE
CWE-506CWE-862
CWE/SANS Top 25 2011
CWE-862
CWE/SANS Top 25 2021
CWE-862

Overview

The application contains the code that changes the logic of authentication by overwriting the variable that indicates whether the authentication is successful.

Using the assignment operator (=) instead of the comparison operator (==) is a common mistake. It is particularly dangerous and may be the part of the backdoor when occurs in the methods related to authentication.

References

  1. CWE-481: Assigning instead of Comparing
  2. Thwarted Linux backdoor hints at smarter hacks - SecurityFocus
  3. The Art of the Backdoor
  4. Assignement Operators - msdn.microsoft.com
  5. CWE-506: Embedded Malicious Code
LOW

DerScanner Severity Score

Do you want to fix C-sharp : Undocumented feature: security parameters modification in your application?

See also

C#

C-sharp : JWT: None Algorithm

C#

C-sharp : Insecure data transmission: Database

C#

C-sharp : Only one of method Equals() and GetHashCode() defined