Weaknesses in this category were intentionally introduced by the developer, typically as a result of prioritizing other aspects of the program over security, such as maintenance.
Extended Description
Characterizing intention is tricky: some features intentionally placed in programs can at the same time inadvertently introduce security flaws. For example, a feature that facilitates remote debugging or system maintenance may at the same time provide a trapdoor to a system. Where such cases can be distinguished, they are categorized as intentional but nonmalicious. Not wishing to endow programs with intentions, we nevertheless use the terms "malicious flaw," "malicious code," and so on, as shorthand for flaws, code, etc., that have been introduced into a system by an individual with malicious intent. Although some malicious flaws could be disguised as inadvertent flaws, this distinction can be easy to make in practice. Inadvertently created Trojan horse programs are hardly likely, although an intentionally-introduced buffer overflow might plausibly seem to be an error.
Demonstrative Examples
Example 1
The following snippet from a Java servlet demonstrates the use of a
"debug" parameter that invokes debug-related functionality. If deployed into
production, an attacker may use the debug parameter to get the application
to divulge sensitive information.
(Bad Code)
Example
Language: Java
String mode = request.getParameter("mode");
// perform requested servlet task
...
if (mode.equals(DEBUG)) {
// print sensitive information in client browser (PII,
server statistics, etc.)
Description
