CWE-187 (Partial String Comparison) is a common software weakness type identified by the CWE (Common Weakness Enumeration) dictionary. It helps developers understand security flaws and how to mitigate them.

What is the difference between CVE and CWE?

CWE refers to the type of software weakness (the root cause), while CVE refers to a specific instance of a vulnerability in a particular product or system.

CWE-187

Partial String Comparison

Weakness Description

The product performs a comparison that only examines a portion of a factor before determining whether there is a match, such as a substring, leading to resultant weaknesses.

For example, an attacker might succeed in authentication by providing a small password that matches the associated portion of the larger, correct password.

Potential Mitigations

Testing

Thoroughly test the comparison scheme before deploying code into production. Perform positive testing as well as negative testing.

Common Consequences

IntegrityAccess Control

Alter Execution LogicBypass Protection Mechanism

Related Weaknesses

CWE-1023

Related Resources

Browse CWE Database

Explore 493 software weaknesses

CVE Database

Search 294,000+ vulnerabilities

Security Writeups

Learn from real-world examples

About 4nuxd

Cybersecurity research & tools

Contact Us

Get in touch for collaboration

Homepage

Explore more security resources