CWE

Improper Ownership Management

ID: 282		Date: (C)2012-05-14   (M)2022-10-10
Type: weakness		Status: DRAFT
Abstraction Type: Class

Description

The software assigns the wrong ownership, or does not properly verify the ownership, of an object or resource.

Applicable Platforms
Language Class: All

Time Of Introduction

• Architecture and Design

Related Attack Patterns

• CAPEC-17
• CAPEC-35

Common Consequences

Scope	Technical Impact	Notes
Access_Control	Gain privileges / assume identity

Detection Methods
None

Potential Mitigations

Phase	Strategy	Description	Effectiveness	Notes
Architecture and Design Operation		Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Relationships

Related CWE	Type	View	Chain
CWE-282 ChildOf CWE-899	Category	CWE-888

Demonstrative Examples
None

Observed Examples

1. CVE-1999-1125 : Program runs setuid root but relies on a configuration file owned by a non-root user.

For more examples, refer to CVE relations in the bottom box.

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

Taxynomy	Id	Name	Fit
PLOVER		Ownership errors

References:
None