Weakness ID: 274
Abstraction: Base Status: Draft
The software does not
handle or incorrectly handles when it has insufficient privileges to perform an operation, leading to resultant weaknesses.
Time of Introduction
Architecture and Design
Technical Impact: Other; Alter execution
System limits are not properly enforced after
privileges are dropped.
Firewall crashes when it can't read a critical
memory block that was protected by a malicious
Does not give admin sufficient privileges to
overcome otherwise legitimate user actions.
the weakness exists independent of other weaknesses)
Overlaps dropped privileges, insufficient permissions.
This has a layering relationship with Unchecked Error Condition and
Unchecked Return Value.
Within the context of vulnerability theory, privileges and permissions are
two sides of the same coin. Privileges are associated with actors, and
permissions are associated with resources. To perform access control, at
some point the software makes a decision about whether the actor (and the
privileges that have been assigned to that actor) is allowed to access the
resource (based on the permissions that have been specified for that
Mapped Taxonomy Name Node ID Fit Mapped Node Name
PLOVER Insufficient privileges
Submissions Submission Date Submitter Organization Source PLOVER Externally Mined Modifications Modification Date Modifier Organization Source 2008-07-01 Eric Dalci Cigital External updated Time_of_Introduction 2008-09-08 CWE Content Team MITRE Internal updated Description, Maintenance_Notes, Relationships,
Weakness_Ordinalities 2009-03-10 CWE Content Team MITRE Internal updated Maintenance_Notes,
Theoretical_Notes 2009-05-27 CWE Content Team MITRE Internal updated Description, Name 2011-06-01 CWE Content Team MITRE Internal updated Common_Consequences 2012-05-11 CWE Content Team MITRE Internal updated Relationships Previous Entry Names Change Date Previous Entry
Name 2008-04-11 Insufficient
Privileges 2009-05-27 Failure to Handle
More information is available — Please select a different filter.