Not Using Complete Mediation
ID: 638 | Date: (C)2012-05-14 (M)2022-10-10 |
Type: weakness | Status: DRAFT |
Abstraction Type: Class |
Description
The software does not perform access checks on a resource every
time the resource is accessed by an entity, which can create resultant
weaknesses if that entity's rights or privileges change over
time.
Extended Description
Applicable Platforms
Language Class: All
Time Of Introduction
- Architecture and Design
- Implementation
- Operation
Related Attack Patterns
Common Consequences
Scope | Technical Impact | Notes |
---|---|---|
Integrity, Confidentiality, Availability, Access_Control, Other | Gain privileges / assume identity; Execute unauthorized code or commands; Bypass protection mechanism; Read application data; Other | A user might retain access to a critical resource even after privileges have been revoked, possibly allowing access to privileged functionality or sensitive information, depending on the role of the resource. |
Detection Methods None
Potential Mitigations
Phase | Strategy | Description | Effectiveness | Notes |
---|---|---|---|---|
Architecture and Design | | Invalidate cached privileges, file handles or descriptors, or other access credentials whenever identities, processes, policies, roles, capabilities or permissions change. Perform complete authentication checks before accepting, caching and reusing data, dynamic content and code (scripts). Avoid caching access control decisions as much as possible. | | |
Architecture and Design | | Identify all possible code paths that might access sensitive resources. If possible, create and use a single interface that performs the access checks, and develop code standards that require use of this interface. | | |
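
The following is an added illustration, not part of the CWE entry: a handle that caches its access decision at open time, next to a single mediating interface that re-checks the policy on every read, as the mitigations above recommend. The class names, the `alice`/`payroll` values and the stored record are all constructed for the example.

```python
# Added illustration of CWE-638; every name and value here is hypothetical.


class Policy:
    """Mutable policy: the set of (user, resource) pairs allowed to read."""
    def __init__(self, grants):
        self.grants = set(grants)

    def allows(self, user, resource):
        return (user, resource) in self.grants


class CachedHandle:
    """Weak: access is checked once at open time and the decision is reused."""
    def __init__(self, policy, store, user, resource):
        if not policy.allows(user, resource):
            raise PermissionError(f"{user} may not open {resource}")
        self._store, self._resource = store, resource

    def read(self):
        return self._store[self._resource]  # no check on access: CWE-638


class MediatedStore:
    """Hardened: the only read path, consulting the policy on every call."""
    def __init__(self, policy, store):
        self._policy, self._store = policy, store

    def read(self, user, resource):
        if not self._policy.allows(user, resource):
            raise PermissionError(f"{user} may not read {resource}")
        return self._store[resource]


def demo():
    """Return (data read via stale handle, whether mediated read was blocked)."""
    policy = Policy({("alice", "payroll")})
    store = {"payroll": "constructed sample record"}
    handle = CachedHandle(policy, store, "alice", "payroll")
    mediated = MediatedStore(policy, store)
    policy.grants.discard(("alice", "payroll"))  # privilege revoked
    weak = handle.read()  # still succeeds: the open-time decision is stale
    try:
        mediated.read("alice", "payroll")
        blocked = False
    except PermissionError:
        blocked = True
    return weak, blocked
```
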
Relationships
Related CWE | Type | View | Chain |
---|---|---|---|
CWE-638 ChildOf CWE-894 | Category | CWE-888 | |
Demonstrative Examples
- When a developer begins to implement input validation for a web
application, often the validation is performed in each area of the code that
uses externally-controlled input. In complex applications with many inputs,
the developer often misses a parameter here or a cookie there. One
frequently-applied solution is to centralize all input validation, store
these validated inputs in a separate data structure, and require that all
access of those inputs must be through that data structure. An alternate
approach would be to use an external input validation framework such as
Struts, which performs the validation before the inputs are ever processed
by the code.
- When executable library files are used on web servers, which is
common in PHP applications, the developer might perform an access check in
any user-facing executable, and omit the access check from the library file
itself. By directly requesting the library file (CWE-425), an attacker can
bypass this access check.
Observed Examples
- CVE-2007-0408: Server does not properly validate client certificates when reusing cached connections.
White Box Definitions None
Black Box Definitions None
Taxonomy Mappings None