Improper Handling of Insufficient Permissions or Privileges
ID: 280 | Date: (C)2012-05-14 (M)2022-10-10 |
Type: weakness | Status: DRAFT |
Abstraction Type: Base |
Description
The application does not handle, or incorrectly handles, the case in which it
has insufficient privileges to access resources or functionality as specified by
their permissions. This may cause it to follow unexpected code paths that
leave the application in an invalid state.
Applicable Platforms
Language Class: All
Time Of Introduction
- Architecture and Design
- Implementation
Common Consequences
Scope | Technical Impact | Notes |
---|---|---|
Other | Other; Alter Execution Logic | |
Detection Methods
None
Potential Mitigations
Phase | Strategy | Description | Effectiveness | Notes |
---|---|---|---|---|
Architecture and Design | Separation of Privilege | Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area. Ensure that appropriate compartmentalization is built into the system design and that the compartmentalization serves to allow for and further reinforce privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide when it is appropriate to use and to drop system privileges. | | |
Implementation | | Always check to see if you have successfully accessed a resource or system functionality, and use proper error handling if it is unsuccessful. Do this even when you are operating in a highly privileged mode, because errors or environmental conditions might still cause a failure. For example, environments with highly granular permissions/privilege models, such as Windows or Linux capabilities, can cause unexpected failures. | | |
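As an added illustration of the Implementation mitigation and of the CVE-2004-0148 pattern listed under Observed Examples (example code written for this page, not part of the CWE entry): a service that cannot enter the user's home directory must fail the session rather than fall back to a broader location. The function names and sample paths are constructed for the demonstration.

```python
import os
import stat
import tempfile

def enter_home_unsafe(home: str) -> str:
    """Vulnerable pattern (CWE-280): a failed chdir is swallowed and the
    session is silently placed in '/', the behaviour seen in CVE-2004-0148."""
    try:
        os.chdir(home)
        return home
    except OSError:
        os.chdir("/")  # falls back to a location broader than intended
        return "/"

def enter_home(home: str) -> str:
    """Hardened pattern: any failure to reach the home directory (EACCES,
    ENOENT, ...) is reported so the caller can refuse the session instead of
    substituting a more permissive location."""
    try:
        os.chdir(home)
    except OSError as exc:
        raise RuntimeError(
            f"cannot enter {home!r} ({exc.strerror}); refusing session") from exc
    return os.getcwd()

def compare(home: str) -> tuple:
    """Run both variants against the same path and report what each did;
    the original working directory is restored afterwards."""
    start = os.getcwd()
    try:
        unsafe = enter_home_unsafe(home)
        os.chdir(start)
        try:
            safe = enter_home(home)
        except RuntimeError as exc:
            safe = f"refused: {exc}"
    finally:
        os.chdir(start)
    return unsafe, safe

if __name__ == "__main__":
    # Constructed sample: a mode-000 home directory shows the EACCES case for
    # an unprivileged user; root bypasses DAC, so a missing path is also tried.
    with tempfile.TemporaryDirectory() as tmp:
        locked = os.path.join(tmp, "home-locked")
        os.mkdir(locked)
        os.chmod(locked, 0)
        for candidate in (locked, os.path.join(tmp, "home-missing")):
            print(candidate, compare(candidate))
        os.chmod(locked, stat.S_IRWXU)  # let TemporaryDirectory clean up
```

Run as an unprivileged user to see the permission-denied case; the vulnerable variant reports "/" while the hardened one refuses the session.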
Relationships
This can be both primary and resultant. When primary, it can expose a
variety of weaknesses because a resource might not have the expected state,
and subsequent operations might fail. It is often resultant from Unchecked
Error Condition (CWE-391).
Related CWE | Type | View | Chain |
---|---|---|---|
CWE-280 ChildOf CWE-889 | Category | CWE-888 | |
Demonstrative Examples
None
Observed Examples
- CVE-2003-0501 : Special file system allows attackers to prevent ownership/permission change of certain entries by opening the entries before calling a setuid program.
- CVE-2004-0148 : FTP server places a user in the root directory when the user's permissions prevent access to his/her own home directory.
White Box Definitions None
Black Box Definitions None
Taxonomy Mappings
Taxonomy | Id | Name | Fit |
---|---|---|---|
PLOVER | | Fails poorly due to insufficient permissions | |
WASC | 17 | Improper Filesystem Permissions | |
References
None