Unprotected Primary Channel

Draft Base
Structure: Simple
Description

The product uses a primary channel for administration or restricted functionality, but it does not properly protect the channel.

Common Consequences
Scope: Access Control

Impact: Gain Privileges or Assume Identity; Bypass Protection Mechanism

Potential Mitigations
Phase: Architecture and Design
Do not expose administrative functionality on the user UI.
Phase: Architecture and Design
Protect the administrative/restricted functionality with a strong authentication mechanism.
Applicable Platforms
Languages:
Not Language-Specific : Undetermined
Modes of Introduction
Architecture and Design
Implementation
Taxonomy Mapping
  • PLOVER