Category: Authorize Actors
Draft
Summary
Weaknesses in this category are related to the design and architecture of a system's authorization components. Frequently these deal with enforcing that agents have the required permissions before performing certain operations, such as modifying data. The weaknesses in this category could lead to a degradation of quality of the authorization capability if they are not addressed when designing or implementing a secure architecture.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-114 | Process Control | Executing commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute malicious commands (and payloads) on behalf of an attacker. |
| CWE-15 | External Control of System or Configuration Setting | One or more system settings or configuration elements can be externally controlled by a user. |
| CWE-219 | Storage of File with Sensitive Data Under Web Root | The product stores sensitive data under the web document root with insufficient access control, which might make it accessible to untrusted parties. |
| CWE-220 | Storage of File With Sensitive Data Under FTP Root | The product stores sensitive data under the FTP server root with insufficient access control, which might make it accessible to untrusted parties. |
| CWE-266 | Incorrect Privilege Assignment | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
| CWE-267 | Privilege Defined With Unsafe Actions | A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity. |
| CWE-268 | Privilege Chaining | Two distinct privileges, roles, capabilities, or rights can be combined in a way that allows an entity to perform unsafe actions that would not be allowed without that combination. |
| CWE-269 | Improper Privilege Management | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
| CWE-270 | Privilege Context Switching Error | The product does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control. |
| CWE-271 | Privilege Dropping / Lowering Errors | The product does not drop privileges before passing control of a resource to an actor that does not have those privileges. |
| CWE-272 | Least Privilege Violation | The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed. |
| CWE-273 | Improper Check for Dropped Privileges | The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded. |
| CWE-274 | Improper Handling of Insufficient Privileges | The product does not handle or incorrectly handles when it has insufficient privileges to perform an operation, leading to resultant weaknesses. |
| CWE-276 | Incorrect Default Permissions | During installation, installed file permissions are set to allow anyone to modify those files. |
| CWE-277 | Insecure Inherited Permissions | A product defines a set of insecure permissions that are inherited by objects that are created by the program. |
| CWE-279 | Incorrect Execution-Assigned Permissions | While it is executing, the product sets the permissions of an object in a way that violates the intended permissions that have been specified by the user. |
| CWE-280 | Improper Handling of Insufficient Permissions or Privileges | The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state. |
| CWE-281 | Improper Preservation of Permissions | The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended. |
| CWE-282 | Improper Ownership Management | The product assigns the wrong ownership, or does not properly verify the ownership, of an object or resource. |
| CWE-283 | Unverified Ownership | The product does not properly verify that a critical resource is owned by the proper entity. |
| CWE-284 | Improper Access Control | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
| CWE-285 | Improper Authorization | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
| CWE-286 | Incorrect User Management | The product does not properly manage a user within its environment. |
| CWE-300 | Channel Accessible by Non-Endpoint | The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint. |
| CWE-341 | Predictable from Observable State | A number or object is predictable based on observations that the attacker can make about the state of the system or network, such as time, process ID, etc. |
| CWE-359 | Exposure of Private Personal Information to an Unauthorized Actor | The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected. |
| CWE-403 | Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') | A process does not close sensitive file descriptors before invoking a child process, which allows the child to perform unauthorized I/O operations using those descriptors. |
| CWE-419 | Unprotected Primary Channel | The product uses a primary channel for administration or restricted functionality, but it does not properly protect the channel. |
| CWE-420 | Unprotected Alternate Channel | The product protects a primary channel, but it does not use the same level of protection for an alternate channel. |
| CWE-425 | Direct Request ('Forced Browsing') | The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files. |
| CWE-426 | Untrusted Search Path | The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control. |
| CWE-434 | Unrestricted Upload of File with Dangerous Type | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-527 | Exposure of Version-Control Repository to an Unauthorized Control Sphere | The product stores a CVS, git, or other repository in a directory, archive, or other resource that is stored, transferred, or otherwise made accessible to unauthorized actors. |
| CWE-528 | Exposure of Core Dump File to an Unauthorized Control Sphere | The product generates a core dump file in a directory, archive, or other resource that is stored, transferred, or otherwise made accessible to unauthorized actors. |
| CWE-529 | Exposure of Access Control List Files to an Unauthorized Control Sphere | The product stores access control list files in a directory or other container that is accessible to actors outside of the intended control sphere. |
| CWE-530 | Exposure of Backup File to an Unauthorized Control Sphere | A backup file is stored in a directory or archive that is made accessible to unauthorized actors. |
| CWE-538 | Insertion of Sensitive Information into Externally-Accessible File or Directory | The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information. |
| CWE-551 | Incorrect Behavior Order: Authorization Before Parsing and Canonicalization | If a web server does not fully parse requested URLs before it examines them for authorization, it may be possible for an attacker to bypass authorization protection. |
| CWE-552 | Files or Directories Accessible to External Parties | The product makes files or directories accessible to unauthorized actors, even though they should not be. |
| CWE-566 | Authorization Bypass Through User-Controlled SQL Primary Key | The product uses a database table that includes records that should not be accessible to an actor, but it executes a SQL statement with a primary key that can be controlled by that actor. |
| CWE-639 | Authorization Bypass Through User-Controlled Key | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |
| CWE-642 | External Control of Critical State Data | The product stores security-critical state information about its users, or the product itself, in a location that is accessible to unauthorized actors. |
| CWE-647 | Use of Non-Canonical URL Paths for Authorization Decisions | The product defines policy namespaces and makes authorization decisions based on the assumption that a URL is canonical. This can allow a non-canonical URL to bypass the authorization. |
| CWE-653 | Improper Isolation or Compartmentalization | The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions. |
| CWE-656 | Reliance on Security Through Obscurity | The product uses a protection mechanism whose strength depends heavily on its obscurity, such that knowledge of its algorithms or key data is sufficient to defeat the mechanism. |
| CWE-668 | Exposure of Resource to Wrong Sphere | The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. |
| CWE-669 | Incorrect Resource Transfer Between Spheres | The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource. |
| CWE-671 | Lack of Administrator Control over Security | The product uses security features in a way that prevents the product's administrator from tailoring security settings to reflect the environment in which the product is being used. This introduces resultant weaknesses or prevents it from operating at a level of security that is desired by the administrator. |
| CWE-673 | External Influence of Sphere Definition | The product does not prevent the definition of control spheres from external actors. |
| CWE-708 | Incorrect Ownership Assignment | The product assigns an owner to a resource, but the owner is outside of the intended control sphere. |
| CWE-732 | Incorrect Permission Assignment for Critical Resource | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
| CWE-770 | Allocation of Resources Without Limits or Throttling | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
| CWE-782 | Exposed IOCTL with Insufficient Access Control | The product implements an IOCTL with functionality that should be restricted, but it does not properly enforce access control for the IOCTL. |
| CWE-827 | Improper Control of Document Type Definition | The product does not restrict a reference to a Document Type Definition (DTD) to the intended control sphere. This might allow attackers to reference arbitrary DTDs, possibly causing the product to expose files, consume excessive system resources, or execute arbitrary http requests on behalf of the attacker. |
| CWE-862 | Missing Authorization | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
| CWE-863 | Incorrect Authorization | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
| CWE-921 | Storage of Sensitive Data in a Mechanism without Access Control | The product stores sensitive information in a file system or device that does not have built-in access control. |
| CWE-923 | Improper Restriction of Communication Channel to Intended Endpoints | The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint. |
| CWE-939 | Improper Authorization in Handler for Custom URL Scheme | The product uses a handler for a custom URL scheme, but it does not properly restrict which actors can invoke the handler using the scheme. |
| CWE-942 | Permissive Cross-domain Security Policy with Untrusted Domains | The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate. |
| CWE-1008 | Architectural Concepts | This view organizes weaknesses according to common architectural security tactics. It is intended to assist architects in identifying potential mistakes that can be made when designing software. |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.