Permissions, Privileges, and Access Controls

ID: 264
Date: (C)2012-05-14   (M)2020-02-26
Type: category
Status: INCOMPLETE





Description

Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Applicable Platforms
Language Class: All

Related Attack Patterns

Common Consequences
None

Detection Methods
None

Potential Mitigations

Phase: Architecture and Design
Strategy: Separation of Privilege
Description: Follow the principle of least privilege when assigning access rights to entities in a software system.
Effectiveness:
Notes:

Relationships

Related CWE: CWE-264 ChildOf CWE-254
Type: Category
View: CWE-699
Chain:

Demonstrative Examples
None

White Box Definitions
None

Black Box Definitions
None

Taxonomy Mappings

Taxonomy: PLOVER
Id:
Name: Permissions, Privileges, and ACLs
Fit:

References:

  1. M. Howard, D. LeBlanc. Writing Secure Code, 2nd Edition. Microsoft. Section: 'Chapter 7, "How Tokens, Privileges, SIDs, ACLs, and Processes Relate" Page 218'. Published in 2002.
CVE    5803
CVE-2014-5031
CVE-2009-3385
CVE-2012-2335
CVE-2014-0067
...

© SecPod Technologies