CWE-405

Asymmetric Resource Consumption (Amplification)

The product does not properly control situations in which an adversary can cause the product to consume or produce excessive resources without requiring the adversary to invest equivalent work or otherwise prove authorization, i.e., the adversary's influence is "asymmetric."

Mitigation

Phase: Architecture and Design

Description:

  • An application must make resources available to a client commensurate with the client's access level.

Mitigation

Phase: Architecture and Design

Description:

  • An application must, at all times, keep track of allocated resources and meter their usage appropriately.

Mitigation

Phase: System Configuration

Description:

  • Consider disabling resource-intensive algorithms on the server side, such as Diffie-Hellman key exchange.
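
An added example (not part of the CWE entry) of the two Architecture and Design mitigations above: a meter that tracks what each client currently has allocated and caps it by access level. The access levels, budget numbers, abstract "work units" and all function names are assumptions made for illustration.

```python
import threading

# Hypothetical access levels and per-client budgets in abstract work units
# (for example CPU-milliseconds or KiB of memory); the numbers are constructed.
BUDGETS = {"anonymous": 10, "authenticated": 100, "admin": 1000}


class ResourceMeter:
    """Tracks resources allocated per client and caps them by access level."""

    def __init__(self, budgets=BUDGETS):
        self._budgets = budgets
        self._in_use = {}  # client_id -> units currently allocated
        self._lock = threading.Lock()

    def acquire(self, client_id, level, units):
        """Reserve `units` before doing the work; return False to reject."""
        if units <= 0:
            raise ValueError("units must be positive")
        limit = self._budgets.get(level, 0)  # unknown level gets no budget
        with self._lock:
            used = self._in_use.get(client_id, 0)
            if used + units > limit:
                return False
            self._in_use[client_id] = used + units
            return True

    def release(self, client_id, units):
        """Return units when the work finishes, never dropping below zero."""
        with self._lock:
            left = max(0, self._in_use.get(client_id, 0) - units)
            if left:
                self._in_use[client_id] = left
            else:
                # Drop idle clients so the meter's own table stays bounded.
                self._in_use.pop(client_id, None)

    def in_use(self, client_id):
        with self._lock:
            return self._in_use.get(client_id, 0)


def handle(meter, client_id, level, cost, work):
    """Run `work` only if its estimated cost fits the client's budget."""
    if not meter.acquire(client_id, level, cost):
        return "rejected"
    try:
        return work()
    finally:
        meter.release(client_id, cost)  # released even if work() raises
```

The cost passed to `handle` has to be estimated on the server side before the work starts; a cost figure supplied by the client would restore the asymmetry.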

No CAPEC attack patterns related to this CWE.
