CWE-697 - Insufficient Comparison

The software compares two entities in a security-relevant context, but the comparison is insufficient, which may lead to resultant weaknesses.

Related CAPEC(s): 40

Buffer Overflow via Environment Variables (CAPEC-ID 10)
Client-side Injection-induced Buffer Overflow (CAPEC-ID 14)
Command Delimiters (CAPEC-ID 15)
Flash Parameter Injection (CAPEC-ID 174)
Embedding Scripts in Non-Script Elements (CAPEC-ID 18)
Flash Injection (CAPEC-ID 182)
Embedding Scripts within Scripts (CAPEC-ID 19)
Cross-Site Scripting Using Alternate Syntax (CAPEC-ID 199)
Filter Failure through Buffer Overflow (CAPEC-ID 24)
Cross-Site Scripting via Encoded URI Schemes (CAPEC-ID 244)
Leverage Alternate Encoding (CAPEC-ID 267)
Using Leading 'Ghost' Character Sequences to Bypass Input Filters (CAPEC-ID 3)
Embedding Scripts in HTTP Query Strings (CAPEC-ID 32)
HTTP Response Splitting (CAPEC-ID 34)
Using Alternative IP Address Encodings (CAPEC-ID 4)
Using Meta-characters in E-mail Headers to Inject Malicious Payloads (CAPEC-ID 41)
Exploiting Multiple Input Interpretation Layers (CAPEC-ID 43)
Overflow Binary Resource File (CAPEC-ID 44)
Buffer Overflow via Symbolic Links (CAPEC-ID 45)
Overflow Variables and Tags (CAPEC-ID 46)
Buffer Overflow via Parameter Expansion (CAPEC-ID 47)
Embedding NULL Bytes (CAPEC-ID 52)
Postfix, Null Terminate, and Backslash (CAPEC-ID 53)
Argument Injection (CAPEC-ID 6)
Simple Script Injection (CAPEC-ID 63)
Using Slashes and URL Encoding Combined to Bypass Validation Logic (CAPEC-ID 64)
SQL Injection (CAPEC-ID 66)
String Format Overflow in syslog() (CAPEC-ID 67)
Blind SQL Injection (CAPEC-ID 7)
Using Unicode Encoding to Bypass Validation Logic (CAPEC-ID 71)
User-Controlled Filename (CAPEC-ID 73)
Using Escaped Slashes in Alternate Encoding (CAPEC-ID 78)
Using Slashes in Alternate Encoding (CAPEC-ID 79)
Buffer Overflow in an API Call (CAPEC-ID 8)
Using UTF-8 Encoding to Bypass Validation Logic (CAPEC-ID 80)
Embedding Script (XSS) in HTTP Headers (CAPEC-ID 86)
OS Command Injection (CAPEC-ID 88)
Buffer Overflow in Local Command-Line Utilities (CAPEC-ID 9)
XSS in IMG Tags (CAPEC-ID 91)
Forced Integer Overflow (CAPEC-ID 92)