A category in the Common Weakness Enumeration published by The MITRE Corporation.
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are related to authorization components of a system. Frequently these deal with the ability to enforce that agents have the required permissions before performing certain operations, such as modifying data. If not addressed when designing or implementing a software system, these weaknesses could lead to a degradation of the quality of the authorization capability.
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.
The software uses a handler for a custom URL scheme, but it does not properly restrict which actors can invoke the handler using the scheme.
The product creates a search index of private or sensitive documents, but it does not properly limit index access to actors who are authorized to see the original info...
If a web server does not fully parse requested URLs before it examines them for authorization, it may be possible for an attacker to bypass authorization protection.
The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system fro...
The software or the administrator places a user into an incorrect group.
This view organizes weaknesses around concepts that are frequently used or encountered in software development. This includes all aspects of the software development l...