CWE-264 Individual Dictionary Definition (Draft 9)

Permissions, Privileges, and Access Controls

Category ID: 264 (Category)
Status: Incomplete

Description

Summary

Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Potential Mitigations

Follow the principle of least privilege when assigning access rights to entities in a software system.

Relationships

Nature      Type            ID   Name
ChildOf     Category        254  Security Features
ChildOf     View            635
ParentOf    Category        265  Privilege / Sandbox Issues
ParentOf    Category        275  Permission Issues
ParentOf    Weakness Class  250  Design Principle Violation: Failure to Use Least Privilege
ParentOf    Weakness Class  282  Improper Ownership Management
CanAlsoBe   Weakness Base   283  Unverified Ownership
ParentOf    Weakness Class  284  Access Control Issues
ParentOf    Weakness Class  286  User Management Issues

Source Taxonomies

PLOVER - Permissions, Privileges, and ACLs

Applicable Platforms

All

Related Attack Patterns

CAPEC-ID  Attack Pattern Name
35        Leverage Executable Code in Nonexecutable Files
17        Accessing, Modifying or Executing Executable Files
76        Manipulating Input to File System Calls
58        Restful Privilege Elevation
5         Analog In-band Switching Signals (aka Blue Boxing)
69        Target Programs with Elevated Privileges

Page Last Updated: April 22, 2008