CWE-283: Unverified Ownership
| Weakness ID: 283 (Weakness Base) | Status: Draft |
Description
Description Summary
The software does not properly verify that a critical resource is owned by the proper entity.
Time of Introduction
Observed Examples
| Reference | Description |
|---|---|
| CVE-2001-0178 | Program does not verify the owner of a UNIX socket that is used for sending a password. |
| CVE-2004-2012 | Owner of special device not checked, allowing root. |
Potential Mitigations
| ID | Phase | Description |
|---|---|---|
| 1 | | Very carefully manage the setting, management and handling of privileges. Explicitly manage trust zones in the software. |
| | | Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource. |
Relationships
Relationship Notes
This overlaps insufficient comparison, verification errors, permissions, and privileges.
Taxonomy Mappings
| Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
|---|---|---|---|
| PLOVER | | | Unverified Ownership |
Content History
Submissions
| Submission Date | Submitter | Organization | Source |
|---|---|---|---|
| | PLOVER | | Externally Mined |

Modifications
| Modification Date | Modifier | Organization | Source | Changes |
|---|---|---|---|---|
| 2008-07-01 | Eric Dalci | Cigital | External | updated Time of Introduction |
| 2008-09-08 | CWE Content Team | MITRE | Internal | updated Relationships, Relationship Notes, Taxonomy Mappings |
| 2009-03-10 | CWE Content Team | MITRE | Internal | updated Relationships |