CWE

Permissions, Privileges, and Access Controls

ID: 264
Date: (C)2012-05-14   (M)2022-10-10
Type: category
Status: INCOMPLETE





Description

Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Applicable Platforms
Language Class: All

Related Attack Patterns

Common Consequences
None

Detection Methods
None

Potential Mitigations

Phase: Architecture and Design
Strategy: Separation of Privilege
Description: Follow the principle of least privilege when assigning access rights to entities in a software system.

Relationships

Related CWE: CWE-264 ChildOf CWE-254
Type: Category
View: CWE-699

Demonstrative Examples
None

White Box Definitions
None

Black Box Definitions
None

Taxonomy Mappings

Taxonomy: PLOVER
Name: Permissions, Privileges, and ACLs

References:

  1. M. Howard and D. LeBlanc. Writing Secure Code, 2nd Edition. Microsoft. Section: Chapter 7, "How Tokens, Privileges, SIDs, ACLs, and Processes Relate", Page 218. Published in 2002.
CVE    5324
CVE-2009-1863
CVE-2009-2493
SVE-001424
SVE-001557
...

© SecPod Technologies