Common Weakness Enumeration


Individual Dictionary Definition (CWE version 2.11)

CWE-266: Incorrect Privilege Assignment

Weakness ID: 266
Abstraction: Base
Status: Draft
+ Description

Description Summary

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Applicable Platforms

+ Common Consequences
Access Control

Technical Impact: Gain privileges / assume identity

A user can access restricted functionality and/or sensitive information that may include administrative functionality and user accounts.

+ Demonstrative Examples

Example 1

Evidence of privilege change:

(Bad Code)
Example Language: C
/* do some stuff */

(Bad Code)
Example Language: Java
AccessController.doPrivileged(new PrivilegedAction() {
    public Object run() {
        // privileged code goes here, for example:
        return null; // nothing to return
    }
});

Whatever runs inside run() executes with the full permissions of the enclosing code, no matter how little the callers further up the stack are trusted. Any value the block reads from, or hands back to, less-trusted code therefore crosses a trust boundary (see the SEC00-J and SEC01-J mappings below).
Example 2

This application sends a special intent with a flag that allows the receiving application to read a data file for backup purposes.

(Bad Code)
Example Language: Java
Intent intent = new Intent();
intent.addFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION); // the read grant travels with the intent
sendBroadcast(intent); // implicit broadcast: no receiver is named, so any app may register for it

(Attack)
Example Language: Java
public class CallReceiver extends BroadcastReceiver {
    public void onReceive(Context context, Intent intent) {
        Uri userData = intent.getData();
        // the grant carried by the intent lets this receiver open userData
    }
}

Any malicious application can register to receive this intent. Because of the FLAG_GRANT_READ_URI_PERMISSION included with the intent, the malicious receiver code can read the user's data. The privilege is assigned to "whoever receives the broadcast" rather than to the one backup component that needs it; the grant should instead be bound to a named target, by addressing the intent to an explicit component or package, or by granting the URI to that package with Context.grantUriPermission().

+ Observed Examples
  • Untrusted user placed in the Unix "wheel" group.
  • Product allows users to grant themselves certain rights that can be used to escalate privileges.
  • Product uses the group ID of a user instead of the group, causing it to run with different privileges. This is resultant from some other unknown issue.
  • Product mistakenly assigns a particular status to an entity, leading to increased privileges.
+ Potential Mitigations

Phases: Architecture and Design; Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Phases: Architecture and Design; Operation

Strategy: Environment Hardening

Run your code using the lowest privileges that are required to accomplish the necessary tasks [R.266.1]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
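Example 1 shows code that raises privilege for a section of work and then lowers it again, and the mitigation above says to run with the lowest privilege required. On Unix the practical question behind both is: once the program gives privilege away, can it get it back? The following C program is an added example, not code from this CWE entry. It shows a permanent drop to an unprivileged identity done the way a practitioner would check it, and a probe for the common pitfall where only the effective uid is lowered and the saved set-user-ID still holds root. It assumes Linux (setresuid/getresuid); a real service would pass the uid and gid of its dedicated low-privilege account (looked up with getpwnam), whereas the demo uses the caller's own ids so it runs without root.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Prototypes repeated here so the program builds even if _GNU_SOURCE was
 * not in effect when <unistd.h> was first included (Linux-specific calls). */
int setresuid(uid_t ruid, uid_t euid, uid_t suid);
int setresgid(gid_t rgid, gid_t egid, gid_t sgid);
int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);
int getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid);

/* 1 if real, effective and saved uid/gid all equal the target ids, i.e.
 * nothing is left for the process to switch back to. */
int privileges_fully_dropped(uid_t uid, gid_t gid)
{
    uid_t ru, eu, su;
    gid_t rg, eg, sg;
    if (getresuid(&ru, &eu, &su) != 0 || getresgid(&rg, &eg, &sg) != 0)
        return 0;
    return ru == uid && eu == uid && su == uid &&
           rg == gid && eg == gid && sg == gid;
}

/* Probe for the temporary-drop pitfall: seteuid(getuid()) lowers only the
 * effective uid.  The saved set-user-ID still holds root, so a later
 * seteuid(0) (or any code an attacker manages to run) gets it back.
 * Returns 1 when the process could re-escalate this way. */
int can_reescalate(void)
{
    uid_t ru, eu, su;
    if (getresuid(&ru, &eu, &su) != 0)
        return 0;
    return eu != 0 && su == 0;
}

/* Permanent drop to an unprivileged identity.  Order matters: the
 * supplementary groups and the gid must go while the process is still
 * root, because afterwards it can no longer change them.  Every call is
 * checked and the end state is verified; an unchecked failure would leave
 * the process running with the privilege it meant to give up. */
int drop_privileges_permanently(uid_t uid, gid_t gid)
{
    /* Only root can clear its supplementary group list, and only a drop
     * away from root needs it (the unprivileged demo skips this branch). */
    if (geteuid() == 0 && uid != 0 && setgroups(0, NULL) != 0) {
        fprintf(stderr, "setgroups: %s\n", strerror(errno));
        return -1;
    }
    if (setresgid(gid, gid, gid) != 0) {
        fprintf(stderr, "setresgid(%u): %s\n", (unsigned)gid, strerror(errno));
        return -1;
    }
    if (setresuid(uid, uid, uid) != 0) {
        fprintf(stderr, "setresuid(%u): %s\n", (unsigned)uid, strerror(errno));
        return -1;
    }
    if (!privileges_fully_dropped(uid, gid)) {
        fprintf(stderr, "privilege drop did not take effect\n");
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Demo: drop to the caller's own ids so it runs without root.  A service
     * would use the uid/gid of its dedicated account here instead. */
    uid_t uid = getuid();
    gid_t gid = getgid();

    printf("before: euid=%u re-escalation possible=%d\n",
           (unsigned)geteuid(), can_reescalate());
    if (drop_privileges_permanently(uid, gid) != 0)
        return 1;
    printf("after:  euid=%u fully dropped=%d re-escalation possible=%d\n",
           (unsigned)geteuid(), privileges_fully_dropped(uid, gid),
           can_reescalate());
    return 0;
}
```

The verification step at the end of drop_privileges_permanently is the part most often left out: setuid-family calls can fail silently from the caller's point of view when their return value is ignored, and a process that believes it is unprivileged while still holding root is exactly the unintended sphere of control this entry describes.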

+ Weakness Ordinalities
(where the weakness is typically related to the presence of some other weaknesses)
+ Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to
ChildOf | Category | 265 | Privilege / Sandbox Issues | Development Concepts (primary) 699
ChildOf | Weakness Base | 269 | Improper Privilege Management | Research Concepts (primary) 1000
ChildOf | Category | 634 | Weaknesses that Affect System Processes | Resource-specific Weaknesses (primary) 631
ChildOf | Category | 723 | OWASP Top Ten 2004 Category A2 - Broken Access Control | Weaknesses in OWASP Top Ten (2004) (primary) 711
ChildOf | Category | 859 | CERT Java Secure Coding Section 14 - Platform Security (SEC) | Weaknesses Addressed by the CERT Java Secure Coding Standard (primary) 844
ChildOf | Category | 901 | SFP Primary Cluster: Privilege | Software Fault Pattern (SFP) Clusters (primary) 888
CanAlsoBe | Weakness Class | 286 | Incorrect User Management | Research Concepts 1000
ParentOf | Weakness Variant | 9 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | Research Concepts (primary) 1000
ParentOf | Weakness Variant | 520 | .NET Misconfiguration: Use of Impersonation | Research Concepts (primary) 1000
ParentOf | Weakness Variant | 556 | ASP.NET Misconfiguration: Use of Identity Impersonation | Research Concepts (primary) 1000
MemberOf | View | 884 | CWE Cross-section | CWE Cross-section (primary) 884
+ Affected Resources
  • System Process
+ Causal Nature

+ Taxonomy Mappings
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name
PLOVER | | | Incorrect Privilege Assignment
CERT Java Secure Coding | SEC00-J | | Do not allow privileged blocks to leak sensitive information across a trust boundary
CERT Java Secure Coding | SEC01-J | | Do not allow tainted variables in privileged blocks
+ References
[R.266.1] Sean Barnum and Michael Gegick. "Least Privilege". 2005-09-14.
+ Content History
Submission Date | Submitter | Organization | Source
 | PLOVER | | Externally Mined

Modification Date | Modifier | Organization | Source | Changes
2008-07-01 | Eric Dalci | Cigital | External | updated Time_of_Introduction
2008-09-08 | CWE Content Team | MITRE | Internal | updated Description, Relationships, Taxonomy_Mappings, Weakness_Ordinalities
2009-03-10 | CWE Content Team | MITRE | Internal | updated Relationships
2009-12-28 | CWE Content Team | MITRE | Internal | updated Potential_Mitigations
2010-06-21 | CWE Content Team | MITRE | Internal | updated Potential_Mitigations
2011-06-01 | CWE Content Team | MITRE | Internal | updated Common_Consequences, Relationships, Taxonomy_Mappings
2012-05-11 | CWE Content Team | MITRE | Internal | updated Common_Consequences, Demonstrative_Examples, Relationships, Taxonomy_Mappings
2012-10-30 | CWE Content Team | MITRE | Internal | updated Potential_Mitigations, References
2014-02-18 | CWE Content Team | MITRE | Internal | updated Applicable_Platforms, Demonstrative_Examples

Page Last Updated: May 05, 2017