Comprehensive Categorization: Access Control

A category in the Common Weakness Enumeration published by The MITRE Corporation.


Summary

Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.

Weaknesses in this category are related to access control.

Weaknesses

ASP.NET Misconfiguration: Password in Configuration File

Storing a plaintext password in a configuration file allows anyone who can read the file access to the password-protected resource making them an easy target for attac...

ASP.NET Misconfiguration: Use of Identity Impersonation

Configuring an ASP.NET application to run with impersonated credentials may give the application unnecessary privileges.

Authentication Bypass by Alternate Name

The product performs authentication based on the name of a resource being accessed, or the name of the actor performing the access, but it does not properly check all ...

Authentication Bypass by Assumed-Immutable Data

The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker.

Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it t...

Authentication Bypass by Primary Weakness

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

Authentication Bypass Using an Alternate Path or Channel

A product requires authentication, but the product has an alternate path or channel that does not require authentication.

Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created

The product modifies the SSL context after connection creation has begun.

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Authorization Bypass Through User-Controlled SQL Primary Key

The product uses a database table that includes records that should not be accessible to an actor, but it executes a SQL statement with a primary key that can be contr...

Channel Accessible by Non-Endpoint

The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a...

CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations

The CPU is not configured to provide hardware support for exclusivity of write and execute operations on memory. This allows an attacker to execute data from all of me...

Direct Request ('Forced Browsing')

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

Empty Password in Configuration File

Using an empty string as a password is insecure.

Exposure of Sensitive Information Through Data Queries

When trying to keep information confidential, an attacker can often infer some of the information by using statistics.

Exposure of Sensitive Information Through Metadata

The product prevents direct access to a resource containing sensitive information, but it does not sufficiently limit access to metadata that is derived from the origi...

Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges

The address map of the on-chip fabric has protected and unprotected regions overlapping, allowing an attacker to bypass access control to the overlapping portion of th...

Generation of Incorrect Security Tokens

The product implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Se...

Guessable CAPTCHA

The product uses a CAPTCHA challenge, but the challenge can be guessed or automatically recognized by a non-human actor.

Hardware Allows Activation of Test or Debug Logic at Runtime

During runtime, the hardware allows for test or debug logic (feature) to be activated, which allows for changing the state of the hardware. This feature can alter the ...

Hardware Child Block Incorrectly Connected to Parent System

Signals between a hardware IP and the parent system design are incorrectly connected causing security risks.

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Improper Access Control Applied to Mirrored or Aliased Memory Regions

Aliased or mirrored memory regions in hardware designs may have inconsistent read/write permissions enforced by the hardware. A possible result is that an untrusted ag...

Improper Access Control for Register Interface

The product uses memory-mapped I/O registers that act as an interface to hardware functionality from software, but there is improper access control to those registers.

Improper Access Control for Volatile Memory Containing Boot Code

The product conducts a secure-boot process that transfers bootloader code from Non-Volatile Memory (NVM) into Volatile Memory (VM), but it does not have sufficient acc...

Improper Access Control in Fabric Bridge

The product uses a fabric bridge for transactions between two Intellectual Property (IP) blocks, but the bridge does not properly perform the expected privilege, ident...

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

Improper Authorization in Handler for Custom URL Scheme

The product uses a handler for a custom URL scheme, but it does not properly restrict which actors can invoke the handler using the scheme.

Improper Authorization of Index Containing Sensitive Information

The product creates a search index of private or sensitive documents, but it does not properly limit index access to actors who are authorized to see the original info...

Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

Improper Check for Certificate Revocation

The product does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a certificate that has been compromised.

Improper Check for Dropped Privileges

The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.

Improper Export of Android Application Components

The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the dat...

Improper Following of a Certificate's Chain of Trust

The product does not follow, or incorrectly follows, the chain of trust for a certificate back to a trusted root certificate, resulting in incorrect trust of any resou...

Improper Handling of Insufficient Permissions or Privileges

The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may...

Improper Handling of Insufficient Privileges

The product does not handle or incorrectly handles when it has insufficient privileges to perform an operation, leading to resultant weaknesses.

Improper Handling of Overlap Between Protected Memory Ranges

The product allows address regions to overlap, which can result in the bypassing of intended memory protection.

Improper Management of Sensitive Trace Data

Trace data collected from several sources on the System-on-Chip (SoC) is stored in unprotected locations or transported to untrusted ag...

Improper Ownership Management

The product assigns the wrong ownership, or does not properly verify the ownership, of an object or resource.

Improper Physical Access Control

The product is designed with access restricted to certain information, but it does not sufficiently protect against an unauthorized actor with physical access to these...

Improper Preservation of Permissions

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restricti...

Improper Prevention of Lock Bit Modification

The product uses a trusted lock bit for restricting access to registers, address regions, or other resources, but the product does not prevent the value of the lock bi...

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Improper Protection for Outbound Error Messages and Alert Signals

Untrusted agents can disable alerts about signal conditions exceeding limits or the response mechanism that handles such alerts.

Improper Restriction of Communication Channel to Intended Endpoints

The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicati...

Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute fo...

Improper Restriction of Rendered UI Layers or Frames

The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusio...

Improper Restriction of Security Token Assignment

The System-On-A-Chip (SoC) implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. ...

Improper Restriction of Software Interfaces to Hardware Features

The product provides software-controllable device functionality for capabilities such as power and clock management, but it does not properly limit functional...

Improper Restriction of Write-Once Bit Fields

The hardware design control register "sticky bits" or write-once bit fields are improperly implemented, such that they can be reprogrammed by software.

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product ...

Improper Setting of Bus Controlling Capability in Fabric End-point

The bus controller enables bits in the fabric end-point to allow responder devices to control transactions on the fabric.

Improper Translation of Security Attributes by Fabric Bridge

The bridge incorrectly translates security attributes from either trusted to untrusted or from untrusted to trusted when converting from one fabric protocol to another.

Improper Validation of Certificate Expiration

A certificate expiration is not validated or is incorrectly validated, so trust may be assigned to certificates that have been abandoned due to age.

Improper Validation of Certificate with Host Mismatch

The product communicates with a host that provides a certificate, but the product does not properly ensure that the certificate is actually associated with that host.

Improper Verification of Intent by Broadcast Receiver

The Android application uses a Broadcast Receiver that receives an Intent but does not properly verify that the Intent came from an authorized source.

Improper Verification of Source of a Communication Channel

The product establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is ...

Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation

The product performs a power save/restore operation, but it does not ensure that the integrity of the configuration state is maintained and/or ...

Inclusion of Undocumented Features or Chicken Bits

The device includes chicken bits or undocumented features that can create entry points for unauthorized actors.

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows ...

Incorrect Behavior Order: Authorization Before Parsing and Canonicalization

If a web server does not fully parse requested URLs before it examines them for authorization, it may be possible for an attacker to bypass authorization protection.

Incorrect Chaining or Granularity of Debug Components

The product's debug components contain incorrect chaining or granularity of debug components.

Incorrect Conversion of Security Identifiers

The product implements a conversion mechanism to map certain bus-transaction signals to security identifiers. However, if the conversion is incorrectly implemented, un...

Incorrect Decoding of Security Identifiers

The product implements a decoding mechanism to decode certain bus-transaction signals to security identifiers. If the decoding is implemented incorrectly, then untrust...

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

Incorrect Execution-Assigned Permissions

While it is executing, the product sets the permissions of an object in a way that violates the intended permissions that have been specified by the user.

Incorrect Implementation of Authentication Algorithm

The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.

Incorrect Ownership Assignment

The product assigns an owner to a resource, but the owner is outside of the intended control sphere.

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Incorrect Use of Privileged APIs

The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the f...

Incorrect User Management

The product does not properly manage a user within its environment.

Incorrectly Specified Destination in a Communication Channel

The product creates a communication channel to initiate an outgoing request to an actor, but it does not correctly specify the intended destination for that actor.

Insecure Inherited Permissions

A product defines a set of insecure permissions that are inherited by objects that are created by the program.

Insecure Preserved Inherited Permissions

A product inherits a set of insecure permissions for an object, e.g. when copying from an archive file, without user awareness or involvement.

Insecure Security Identifier Mechanism

The System-on-Chip (SoC) implements a Security Identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entit...

Insufficient Granularity of Access Control

The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system fro...

Insufficient Granularity of Address Regions Protected by Register Locks

The product defines a large address region protected from modification by the same register lock control bit. This results in a conflict between the functional require...

Insufficient Session Expiration

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Internal Asset Exposed to Unsafe Debug Access Level or State

The product uses physical debug or test interfaces with support for multiple access levels, but it assigns the wrong debug access level to an internal ...

J2EE Misconfiguration: Plaintext Password in Configuration File

The J2EE application stores a plaintext password in a configuration file.

J2EE Misconfiguration: Weak Access Permissions for EJB Methods

If elevated access rights are assigned to EJB methods, then an attacker can take advantage of the permissions to exploit the product.

Key Exchange without Entity Authentication

The product performs a key exchange with an actor without verifying the identity of that actor.

Least Privilege Violation

The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed.

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Missing Check for Certificate Revocation after Initial Check

The product does not check the revocation status of a certificate after its initial revocation check, which can cause the product to perform privileged actions even af...

Missing Critical Step in Authentication

The product implements an authentication technique, but it skips a step that weakens the technique.

Missing Password Field Masking

The product does not mask passwords during entry, increasing the potential for attackers to observe and capture passwords.

Missing Protection for Mirrored Regions in On-Chip Fabric Firewall

The firewall in an on-chip fabric protects the main addressed region, but it does not protect any mirrored memory or memory-mapped-IO (MMIO) regions.

Missing Protection Mechanism for Alternate Hardware Interface

The lack of protections on alternate paths to access control-protected assets (such as unprotected shadow registers and other external ...

Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC)

The product implements a security identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. A transact...

Missing Validation of OpenSSL Certificate

The product uses OpenSSL and trusts or uses a certificate without using the SSL_get_verify_result() function to ensure that the certificate satisfies all necessary sec...

Missing Write Protection for Parametric Data Values

The device does not write-protect the parametric data values for sensors that scale the sensor value, allowing untrusted software to manipulate the apparent result and...

Mutable Attestation or Measurement Reporting Data

The register contents used for attestation or measurement reporting data to verify boot flow are modifiable by an adversary.

.NET Misconfiguration: Use of Impersonation

Allowing a .NET application to run at potentially escalated levels of access to the underlying operating and file systems can be dangerous and result in various forms ...

Not Using Password Aging

The product does not have a mechanism in place for managing password aging.

On-Chip Debug and Test Interface With Improper Access Control

The chip does not implement or does not correctly perform access control to check whether users are authorized to access internal registers and test modes through the ...

Overly Restrictive Account Lockout Mechanism

The product contains an account lockout protection mechanism, but the mechanism is too restrictive and can be triggered too easily, which allows attackers to deny serv...

Password Aging with Long Expiration

The product supports password aging, but the expiration period is too long.

Password in Configuration File

The product stores a password in a configuration file that might be accessible to actors who do not know the password.

Permissive Cross-domain Policy with Untrusted Domains

The product uses a cross-domain policy file that includes domains that should not be trusted.

Placement of User into Incorrect Group

The product or the administrator places a user into an incorrect group.

Plaintext Storage of a Password

Storing a password in plaintext may result in a system compromise.

Policy Privileges are not Assigned Consistently Between Control and Data Agents

The product's hardware-enforced access control for a particular resource improperly accounts for privilege discrepancies between control and write policies.

Policy Uses Obsolete Encoding

The product uses an obsolete encoding mechanism to implement access controls.

Privilege Chaining

Two distinct privileges, roles, capabilities, or rights can be combined in a way that allows an entity to perform unsafe actions that would not be allowed without that...

Privilege Context Switching Error

The product does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.

Privilege Defined With Unsafe Actions

A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.

Privilege Dropping / Lowering Errors

The product does not drop privileges before passing control of a resource to an actor that does not have those privileges.

Race Condition During Access to Alternate Channel

The product opens an alternate channel to communicate with an authorized user, but the channel is accessible to other actors.

Reflection Attack in an Authentication Protocol

Simple authentication protocols are subject to reflection attacks if a malicious user can use the target machine to impersonate a trusted user.

Reliance on IP Address for Authentication

The product uses an IP address for authentication.

Reliance on Reverse DNS Resolution for a Security-Critical Action

The product performs reverse DNS resolution on an IP address to obtain the hostname and make a security decision, but it does not properly ensure that the IP address i...

Security Version Number Mutable to Older Versions

Security-version number in hardware is mutable, resulting in the ability to downgrade (roll-back) the boot firmware to vulnerable code versions.

Security-Sensitive Hardware Controls with Missing Lock Bit Protection

The product uses a register lock bit protection mechanism, but it does not ensure that the lock bit prevents modification of system registers or controls that perform ...

Sensitive Cookie with Improper SameSite Attribute

The SameSite attribute for sensitive cookies is not set, or an insecure value is used.

Sensitive Cookie Without 'HttpOnly' Flag

The product uses a cookie to store sensitive information, but the cookie is not marked with the HttpOnly flag.

Sensitive Non-Volatile Information Not Protected During Debug

Access to security-sensitive information stored in fuses is not limited during debug.

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the reques...

Session Fixation

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal au...

Storage of Sensitive Data in a Mechanism without Access Control

The product stores sensitive information in a file system or device that does not have built-in access control.

Storing Passwords in a Recoverable Format

The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypte...

Unauthorized Error Injection Can Degrade Hardware Redundancy

An unauthorized agent can inject errors into a redundant block to deprive the system of redundancy or put the system in a degraded operating mode.

Unintended Proxy or Intermediary ('Confused Deputy')

The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request bef...

Unprotected Alternate Channel

The product protects a primary channel, but it does not use the same level of protection for an alternate channel.

Unprotected Confidential Information on Device is Accessible by OSAT Vendors

The product does not adequately protect confidential information on the device from being accessed by Outsourced Semiconductor Assembly and Test (OSAT) vendors.

Unprotected Primary Channel

The product uses a primary channel for administration or restricted functionality, but it does not properly protect the channel.

Unprotected Transport of Credentials

Login pages do not use adequate measures to protect the user name and password while they are in transit from the client to the server.

Unprotected Windows Messaging Channel ('Shatter')

The product does not properly verify the source of a message in the Windows Messaging System while running at elevated privileges, creating an alternate channel throug...

Unsafe ActiveX Control Marked Safe For Scripting

An ActiveX control is intended for restricted use, but it has been marked as safe-for-scripting.

Unverified Ownership

The product does not properly verify that a critical resource is owned by the proper entity.

Unverified Password Change

When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.

URL Redirection to Untrusted Site ('Open Redirect')

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

Use of Client-Side Authentication

A client/server product performs authentication within client code but not in server code, allowing server-side authentication to be bypassed via a modified client tha...

Use of Default Credentials

The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.

Use of Default Cryptographic Key

The product uses a default cryptographic key for potentially critical functionality.

Use of Default Password

The product uses default passwords for potentially critical functionality.

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to exter...

Use of Hard-coded Cryptographic Key

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

Use of Hard-coded Password

The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.

Use of Implicit Intent for Sensitive Communication

The Android application uses an implicit intent for transmitting sensitive data to other applications.

Use of Non-Canonical URL Paths for Authorization Decisions

The product defines policy namespaces and makes authorization decisions based on the assumption that a URL is canonical. This can allow a non-canonical URL to bypass t...

Use of Password Hash Instead of Password for Authentication

The product records password hashes in a data store, receives a hash of a password from a client, and compares the supplied hash to the hash obtained from the data store.

Use of Password System for Primary Authentication

The use of password systems as the primary means of authentication may be subject to several flaws or shortcomings, each reducing the effectiveness of the mechanism.

Use of Single-factor Authentication

The use of single-factor authentication can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme.

Use of Weak Credentials

The product uses weak credentials (such as a default key or hard-coded password) that can be calculated, derived, reused, or guessed by an attacker.

Use of Web Link to Untrusted Target with window.opener Access

The web application produces links to untrusted external sites outside of its sphere of control, but it does not properly prevent the external site from modifying sec...

Using Referer Field for Authentication

The referer field in HTTP requests can be easily modified and, as such, is not a valid means of message integrity checking.

Weak Authentication

The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identit...

Weak Encoding for Password

Obscuring a password with a trivial encoding does not protect the password.

Weak Password Recovery Mechanism for Forgotten Password

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

Weak Password Requirements

The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.

Concepts

Comprehensive Categorization for Software Assurance Trends

This view organizes weaknesses around categories that are of interest to large-scale software assurance research to support the elimination of weaknesses using ta...

See Also

  1. CVE --> CWE Mapping Guidance - Quick Tips

    MITRE


Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.