CWE

Improper Handling of Insufficient Privileges

ID: 274		Date: (C)2012-05-14   (M)2022-10-10
Type: weakness		Status: DRAFT
Abstraction Type: Base

Description

The software does not handle or incorrectly handles when it has insufficient privileges to perform an operation, leading to resultant weaknesses.

Applicable Platforms
Language Class: All

Time Of Introduction

• Architecture and Design
• Implementation
• Operation

Common Consequences

Scope	Technical Impact	Notes
Other	Other Alter execution logic

Detection Methods
None

Potential Mitigations
None

Relationships
Overlaps dropped privileges, insufficient permissions.
This has a layering relationship with Unchecked Error Condition and Unchecked Return Value.

Related CWE	Type	View	Chain
CWE-274 ChildOf CWE-901	Category	CWE-888

Demonstrative Examples
None

Observed Examples

1. CVE-2001-1564 : System limits are not properly enforced after privileges are dropped.
2. CVE-2005-3286 : Firewall crashes when it can't read a critical memory block that was protected by a malicious process.
3. CVE-2005-1641 : Does not give admin sufficient privileges to overcome otherwise legitimate user actions.

For more examples, refer to CVE relations in the bottom box.

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

Taxynomy	Id	Name	Fit
PLOVER		Insufficient privileges

References:
None