[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

112965

 
 

909

 
 

88036

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CWE
view XML

Permissions, Privileges, and Access Controls

ID: 264Date: (C)2012-05-14   (M)2018-09-17
Type: categoryStatus: INCOMPLETE





Description

Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Applicable Platforms
Language Class: All

Related Attack Patterns

Common Consequences
None

Detection Methods
None

Potential Mitigations

PhaseStrategyDescriptionEffectivenessNotes
Architecture and Design
 
Separation of Privilege
 
Follow the principle of least privilege when assigning access rights to entities in a software system.
 
  

Relationships

Related CWETypeViewChain
CWE-264 ChildOf CWE-254 Category CWE-699  

Demonstrative Examples
None

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

TaxynomyIdNameFit
PLOVER  Permissions, Privileges, and ACLs
 
 

References:

  1. M. Howard D. LeBlanc .Writing Secure Code 2nd Edition. Microsoft. Section:'Chapter 7, "How Tokens, Privileges, SIDs, ACLs, and Processes Relate" Page 218'. Published on 2002.
CVE    2377
CVE-2008-7186
CVE-2010-0774
CVE-2009-0904
CVE-2006-4136
...

© SecPod Technologies