{"@ID": "221", "@Name": "Information Loss or Omission", "@Abstraction": "Class", "@Structure": "Simple", "@Status": "Incomplete", "Description": "The product does not record, or improperly records, security-relevant information that leads to an incorrect decision or hampers later analysis.", "Related_Weaknesses": {"Related_Weakness": {"@Nature": "ChildOf", "@CWE_ID": "664", "@View_ID": "1000", "@Ordinal": "Primary"}}, "Weakness_Ordinalities": {"Weakness_Ordinality": [{"Ordinality": "Primary"}, {"Ordinality": "Resultant", "Description": "Information loss can be resultant, e.g., a\n\t       buffer overflow might trigger a crash before the\n\t       product can log the event."}]}, "Applicable_Platforms": {"Language": {"@Class": "Not Language-Specific", "@Prevalence": "Undetermined"}, "Technology": {"@Class": "Not Technology-Specific", "@Prevalence": "Undetermined"}}, "Modes_Of_Introduction": {"Introduction": [{"Phase": "Architecture and Design"}, {"Phase": "Implementation"}, {"Phase": "Operation"}]}, "Common_Consequences": {"Consequence": {"Scope": "Non-Repudiation", "Impact": "Hide Activities"}}, "Demonstrative_Examples": {"Demonstrative_Example": {"@Demonstrative_Example_ID": "DX-174", "Intro_Text": "This code logs suspicious multiple login attempts.", "Example_Code": {"@Nature": "Bad", "@Language": "PHP", "xhtml:div": {"xhtml:div": {"@style": "margin-left:1em;", "xhtml:div": {"xhtml:div": [{"@style": "margin-left:1em;", "#text": "return True;"}, {"@style": "margin-left:1em;", "xhtml:br": null, "xhtml:div": {"@style": "margin-left:1em;", "#text": "writeLog(\"Failed login attempt by User: \" . $userName . \" at \" + date('r') );"}, "#text": "incrementLoginAttempts($userName);if(recentLoginAttempts($userName) > 5){}"}], "xhtml:br": null, "#text": "if(authenticate($userName,$password)){}else{}"}}, "#text": "function login($userName,$password){}"}}, "Body_Text": "This code only logs failed login attempts when a certain limit is reached. If an attacker knows this limit, they can stop their attack from being discovered by avoiding the limit."}}, "Observed_Examples": {"Observed_Example": [{"Reference": "CVE-2004-2227", "Description": "Web browser's filename selection dialog only shows the beginning portion of long filenames, which can trick users into launching executables with dangerous extensions.", "Link": "https://www.cve.org/CVERecord?id=CVE-2004-2227"}, {"Reference": "CVE-2003-0412", "Description": "application server does not log complete URI of a long request (truncation).", "Link": "https://www.cve.org/CVERecord?id=CVE-2003-0412"}, {"Reference": "CVE-1999-1029", "Description": "Login attempts are not recorded if the user disconnects before the maximum number of tries.", "Link": "https://www.cve.org/CVERecord?id=CVE-1999-1029"}, {"Reference": "CVE-2002-0725", "Description": "Attacker performs malicious actions on a hard link to a file, obscuring the real target file.", "Link": "https://www.cve.org/CVERecord?id=CVE-2002-0725"}, {"Reference": "CVE-1999-1055", "Description": "Product does not warn user when document contains certain dangerous functions or macros.", "Link": "https://www.cve.org/CVERecord?id=CVE-1999-1055"}]}, "Taxonomy_Mappings": {"Taxonomy_Mapping": {"@Taxonomy_Name": "PLOVER", "Entry_Name": "Information loss or omission"}}, "Related_Attack_Patterns": {"Related_Attack_Pattern": {"@CAPEC_ID": "81"}}, "Mapping_Notes": {"Usage": "Allowed-with-Review", "Rationale": "This CWE entry is a Class and might have Base-level children that would be more appropriate", "Comments": "Examine children of this entry to see if there is a better fit", "Reasons": {"Reason": {"@Type": "Abstraction"}}}, "Content_History": {"Submission": {"Submission_Name": "PLOVER", "Submission_Date": "2006-07-19", "Submission_Version": "Draft 3", "Submission_ReleaseDate": "2006-07-19"}, "Modification": [{"Modification_Name": "Eric Dalci", "Modification_Organization": "Cigital", "Modification_Date": "2008-07-01", "Modification_Version": "1.0", "Modification_ReleaseDate": "2008-09-09", "Modification_Comment": "updated Time_of_Introduction"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2008-09-08", "Modification_Version": "1.0", "Modification_ReleaseDate": "2008-09-09", "Modification_Comment": "updated Description, Relationships, Taxonomy_Mappings"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2011-06-01", "Modification_Version": "1.13", "Modification_ReleaseDate": "2011-06-01", "Modification_Comment": "updated Common_Consequences"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2012-05-11", "Modification_Version": "2.2", "Modification_ReleaseDate": "2012-05-15", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2014-07-30", "Modification_Version": "2.8", "Modification_ReleaseDate": "2014-07-31", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2017-11-08", "Modification_Version": "3.0", "Modification_ReleaseDate": "2017-11-08", "Modification_Comment": "updated Applicable_Platforms"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2020-02-24", "Modification_Version": "4.0", "Modification_ReleaseDate": "2020-02-24", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-01-31", "Modification_Version": "4.10", "Modification_ReleaseDate": "2023-01-31", "Modification_Comment": "updated Description"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-04-27", "Modification_Version": "4.11", "Modification_ReleaseDate": "2023-04-27", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-06-29", "Modification_Version": "4.12", "Modification_ReleaseDate": "2023-06-29", "Modification_Comment": "updated Mapping_Notes"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-10-26", "Modification_Version": "4.13", "Modification_ReleaseDate": "2023-10-26", "Modification_Comment": "updated Demonstrative_Examples, Observed_Examples"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2025-12-11", "Modification_Version": "4.19", "Modification_ReleaseDate": "2025-12-11", "Modification_Comment": "updated Applicable_Platforms, Description, Relationships, Weakness_Ordinalities"}]}}
