Permissions, Privileges, and Access Controls

ID: 264
Date: (C)2012-05-14   (M)2018-11-12
Type: category
Status: INCOMPLETE





Description

Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Applicable Platforms
Language Class: All

Related Attack Patterns

Common Consequences
None

Detection Methods
None

Potential Mitigations

Phase: Architecture and Design
Strategy: Separation of Privilege
Description: Follow the principle of least privilege when assigning access rights to entities in a software system.

Relationships

Related CWE: CWE-264 ChildOf CWE-254
Type: Category
View: CWE-699

Demonstrative Examples
None

White Box Definitions
None

Black Box Definitions
None

Taxonomy Mappings

Taxonomy: PLOVER
Name: Permissions, Privileges, and ACLs

References:

  1. M. Howard, D. LeBlanc. Writing Secure Code, 2nd Edition. Microsoft. Section: 'Chapter 7, "How Tokens, Privileges, SIDs, ACLs, and Processes Relate" Page 218'. Published on 2002.

CVE    2377
CVE-2008-7186
CVE-2010-0774
CVE-2009-0904
CVE-2006-4136
...

© SecPod Technologies