[Forgot Password]
Login  Register Subscribe

23631

 
 

117687

 
 

98218

 
 

909

 
 

79198

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CWE
view XML

Permissions, Privileges, and Access Controls

ID: 264Date: (C)2012-05-14   (M)2017-12-08
Type: categoryStatus: INCOMPLETE





Description

Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Applicable Platforms
Language Class: All

Related Attack Patterns

Common Consequences
None

Detection Methods
None

Potential Mitigations

PhaseStrategyDescriptionEffectivenessNotes
Architecture and Design
 
Separation of Privilege
 
Follow the principle of least privilege when assigning access rights to entities in a software system.
 
  

Relationships

Related CWETypeViewChain
CWE-264 ChildOf CWE-254 Category CWE-699  

Demonstrative Examples
None

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

TaxynomyIdNameFit
PLOVER  Permissions, Privileges, and ACLs
 
 

References:

  1. M. Howard D. LeBlanc .Writing Secure Code 2nd Edition. Microsoft. Section:'Chapter 7, "How Tokens, Privileges, SIDs, ACLs, and Processes Relate" Page 218'. Published on 2002.
CVE    2377
CVE-2004-0041
CVE-2004-2700
CVE-2004-2718
CVE-2003-0497
...

© 2013 SecPod Technologies