CWE Individual Dictionary Definition (1.4)

CWE-264: Permissions, Privileges, and Access Controls

Status: Incomplete
Category ID: 264 (Category)
+ Description
Summary

Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

+ Applicable Platforms
Languages
All
+ Potential Mitigations

Follow the principle of least privilege when assigning access rights to entities in a software system.

+ Relationships
| Nature | Type | ID | Name | View(s) this relationship pertains to |
|---|---|---|---|---|
| ChildOf | Category | 254 | Security Features | Development Concepts (primary) 699 |
| MemberOf | View | 635 | Weaknesses Used by NVD | Weaknesses Used by NVD (primary) 635 |
| ParentOf | Category | 265 | Privilege / Sandbox Issues | Development Concepts (primary) 699 |
| ParentOf | Category | 275 | Permission Issues | Development Concepts (primary) 699 |
| ParentOf | Weakness Class | 250 | Execution with Unnecessary Privileges | Development Concepts 699 |
| ParentOf | Weakness Class | 282 | Improper Ownership Management | Development Concepts (primary) 699 |
| CanAlsoBe | Weakness Base | 283 | Unverified Ownership | Research Concepts 1000 |
| ParentOf | Weakness Class | 284 | Access Control (Authorization) Issues | Development Concepts (primary) 699 |
| ParentOf | Weakness Class | 286 | Incorrect User Management | Development Concepts (primary) 699 |
+ Taxonomy Mappings
| Mapped Taxonomy Name | Mapped Node Name |
|---|---|
| PLOVER | Permissions, Privileges, and ACLs |
+ Content History
Submissions
PLOVER. (Externally Mined)
Modifications
CWE Content Team. MITRE. 2008-09-08. (Internal)
updated Relationships, Taxonomy_Mappings
Page Last Updated: May 26, 2009