
CWE-283: Unverified Ownership

Status: Draft
Weakness ID: 283 (Weakness Base)
+ Description
Summary

The software does not properly verify that a critical resource is owned by the proper entity.

+ Time of Introduction
* Architecture and Design
+ Applicable Platforms
Languages
All
+ Observed Examples
Reference | Description
Program does not verify the owner of a UNIX socket that is used for sending a password.
Owner of special device not checked, allowing root.
+ Potential Mitigations

Very carefully manage the setting, management and handling of privileges. Explicitly manage trust zones in the software.

Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
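
The ownership check that the summary says is missing, combined with the "multiple conditions" mitigation, as an added example that is not part of the CWE entry. The helper name `open_if_owned`, the three conditions chosen, and the sample file under `/tmp` are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* O_NOFOLLOW, fchmod, mkstemp */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: open `path` only if it is a regular file owned by
 * `expected_owner` and not writable by group or others.
 * Returns an open descriptor, or -1 if any condition fails. */
int open_if_owned(const char *path, uid_t expected_owner)
{
    struct stat st;
    /* O_NOFOLLOW refuses a symlink; O_NONBLOCK avoids hanging on a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;
    /* fstat() the descriptor, not the path, so the object that was
     * checked is the same object that will be read afterwards. */
    if (fstat(fd, &st) != 0 ||
        !S_ISREG(st.st_mode) ||               /* 1: expected type   */
        st.st_uid != expected_owner ||        /* 2: expected owner  */
        (st.st_mode & (S_IWGRP | S_IWOTH))) { /* 3: owner-only write */
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    char path[] = "/tmp/cwe283-demo-XXXXXX";  /* constructed sample file */
    int tmp = mkstemp(path);
    if (tmp < 0)
        return 1;
    fchmod(tmp, 0600);
    int ok = open_if_owned(path, geteuid());
    int wrong = open_if_owned(path, geteuid() + 1);  /* some other uid */
    fchmod(tmp, 0666);
    int loose = open_if_owned(path, geteuid());
    printf("owner ok: %d, wrong owner: %d, world-writable: %d\n",
           ok >= 0, wrong >= 0, loose >= 0);
    if (ok >= 0) close(ok);
    close(tmp); unlink(path);
    return 0;
}
```

Checking the path with `stat()` before `open()` instead would leave a window in which the file can be replaced between the check and the use.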

+ Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to
ChildOf | Weakness Class | 282 | Improper Ownership Management | Development Concepts (primary) 699; Research Concepts (primary) 1000
ChildOf | Weakness Class | 703 | Failure to Handle Exceptional Conditions | Research Concepts 1000
CanAlsoBe | Category | 264 | Permissions, Privileges, and Access Controls | Research Concepts 1000
CanAlsoBe | Weakness Class | 345 | Insufficient Verification of Data Authenticity | Research Concepts 1000
ChildOf | Category | 723 | OWASP Top Ten 2004 Category A2 - Broken Access Control | Weaknesses in OWASP Top Ten (2004) (primary) 711
+ Relationship Notes

This overlaps insufficient comparison, verification errors, permissions, and privileges.

+ Taxonomy Mappings
Mapped Taxonomy Name | Mapped Node Name
PLOVER | Unverified Ownership
+ Content History
Submissions
PLOVER. (Externally Mined)
Modifications
Eric Dalci. Cigital. 2008-07-01. (External)
updated Time_of_Introduction
CWE Content Team. MITRE. 2008-09-08. (Internal)
updated Relationships, Relationship_Notes, Taxonomy_Mappings
CWE Content Team. MITRE. 2009-03-10. (Internal)
updated Relationships
Page Last Updated: May 26, 2009