Common Weakness Enumeration

A Community-Developed Dictionary of Software Weakness Types

CWE Individual Dictionary Definition (2.7)


CWE-264: Permissions, Privileges, and Access Controls

Category ID: 264 (Category)
Status: Incomplete
+ Description

Description Summary

Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
+ Applicable Platforms



+ Potential Mitigations

Phase: Architecture and Design

Strategy: Separation of Privilege

Follow the principle of least privilege when assigning access rights to entities in a software system.

+ Relationships
| Nature | Type | ID | Name | View(s) this relationship pertains to |
|---|---|---|---|---|
| ChildOf | Category | 254 | Security Features | Development Concepts (primary) 699 |
| ParentOf | Category | 265 | Privilege / Sandbox Issues | Development Concepts (primary) 699 |
| ParentOf | Category | 275 | Permission Issues | Development Concepts (primary) 699 |
| ParentOf | Weakness Class | 282 | Improper Ownership Management | Development Concepts (primary) 699 |
| ParentOf | Weakness Class | 284 | Improper Access Control | Development Concepts (primary) 699 |
| MemberOf | View | 635 | Weaknesses Used by NVD | Weaknesses Used by NVD (primary) 635 |
| CanAlsoBe | Weakness Base | 283 | Unverified Ownership | Research Concepts 1000 |
+ Taxonomy Mappings
| Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
|---|---|---|---|
| PLOVER | | | Permissions, Privileges, and ACLs |
+ References
[REF-11] M. Howard and D. LeBlanc. "Writing Secure Code". Chapter 7, "How Tokens, Privileges, SIDs, ACLs, and Processes Relate" Page 218. 2nd Edition. Microsoft. 2002.
+ Content History
Submission Date | Submitter | Organization | Source
Externally Mined

Modification Date | Modifier | Organization | Source
updated Relationships, Taxonomy_Mappings
updated References
updated Relationships
updated Potential_Mitigations

Page Last Updated: June 23, 2014