CWE
Home > CWE List > CWE-283 Individual Dictionary Definition (Draft 9)   View the CWE List

CWE-283 Individual Dictionary Definition (Draft 9)

Unverified Ownership
Weakness ID
Status: Draft

283 (Weakness Base)

Description

Summary

The software does not properly verify that a critical resource is owned by the proper entity.

Potential Mitigations

Very carefully manage the setting, management and handling of privileges. Explicitly manage trust zones in the software.

Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.

Observed Examples
ReferenceDescription
CVE-2001-0178Program does not verify the owner of a UNIX socket that is used for sending a password.
CVE-2004-2012Owner of special device not checked, allowing root.
Context Notes

This overlaps verification errors, permissions, and privileges.

Relationships
NatureTypeIDName
ChildOfWeakness ClassWeakness ClassWeakness Class282Improper Ownership Management
CanAlsoBeCategoryCategory264Permissions, Privileges, and Access Controls
CanAlsoBeWeakness ClassWeakness ClassWeakness Class345Insufficient Verification of Data Authenticity
Source Taxonomies

PLOVER - Unverified Ownership

Applicable Platforms

All

Page Last Updated: April 22, 2008