Category: Authorize Actors
Draft
Summary
Weaknesses in this category are related to the design and architecture of a system's authorization components. Frequently these deal with enforcing that agents have the required permissions before performing certain operations, such as modifying data. The weaknesses in this category could lead to a degradation of quality of the authorization capability if they are not addressed when designing or implementing a secure architecture.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-114 | Process Control | Process Control vulnerabilities occur when an application executes commands or loads libraries from an untrusted source or environment, allowing an attacker to run malicious code. |
| CWE-15 | External Control of System or Configuration Setting | This vulnerability occurs when an application allows users to directly modify critical system settings or configuration values from an external source. |
| CWE-219 | Storage of File with Sensitive Data Under Web Root | This vulnerability occurs when an application saves sensitive files, such as configuration data or private keys, inside the web server's publicly accessible directory. Without proper access restrictions, attackers can directly request and download these files. |
| CWE-220 | Storage of File With Sensitive Data Under FTP Root | This vulnerability occurs when an application saves sensitive files, such as configuration or user data, within the directory served by an FTP server without proper access restrictions. This misconfiguration can allow unauthorized users to download these files directly. |
| CWE-266 | Incorrect Privilege Assignment | This vulnerability occurs when a system mistakenly grants a user, process, or entity a specific permission or privilege they should not have. This error creates an unintended level of access, allowing the actor to perform actions beyond their intended authority. |
| CWE-267 | Privilege Defined With Unsafe Actions | This vulnerability occurs when a system grants a user, role, or process a specific permission that can be misused to perform dangerous, unintended actions. The permission itself is correctly assigned, but its scope is too broad or allows for unsafe operations. |
| CWE-268 | Privilege Chaining | Privilege chaining occurs when an attacker combines two separate permissions or capabilities, neither of which is dangerous on its own, to perform a harmful action that neither permission should individually allow. |
| CWE-269 | Improper Privilege Management | This vulnerability occurs when an application fails to correctly manage user permissions, allowing someone to perform actions or access data beyond their intended authority. |
| CWE-270 | Privilege Context Switching Error | This vulnerability occurs when an application fails to properly manage user permissions while moving between different security contexts, potentially allowing unauthorized actions. |
| CWE-271 | Privilege Dropping / Lowering Errors | This vulnerability occurs when a system or process fails to reduce its elevated permissions before transferring control of a resource to a less-privileged user or component. |
| CWE-272 | Least Privilege Violation | This vulnerability occurs when software fails to reduce its elevated system privileges after completing a sensitive operation, leaving it with unnecessary and dangerous access rights. |
| CWE-273 | Improper Check for Dropped Privileges | This vulnerability occurs when an application tries to lower its system privileges but fails to verify that the operation was successful. |
| CWE-274 | Improper Handling of Insufficient Privileges | This vulnerability occurs when an application fails to properly manage situations where it lacks the necessary permissions to execute an action. This flawed handling can lead to crashes, data corruption, or unintended security bypasses. |
| CWE-276 | Incorrect Default Permissions | This vulnerability occurs when software installation scripts set overly permissive file or directory access rights by default. Instead of restricting write access to authorized users or processes, the installation allows unintended actors to modify, delete, or corrupt critical application files. |
| CWE-277 | Insecure Inherited Permissions | This vulnerability occurs when an application sets default file or directory permissions that are too permissive, and these insecure settings are automatically passed down to new files or objects the program creates. |
| CWE-279 | Incorrect Execution-Assigned Permissions | This vulnerability occurs when a running application incorrectly changes an object's access permissions, overriding the security settings that a user or administrator intentionally configured. |
| CWE-280 | Improper Handling of Insufficient Permissions or Privileges | This vulnerability occurs when a system fails to properly manage situations where it lacks the necessary permissions to perform an action or access a resource. This flawed handling can force the application into unintended states or error paths, potentially leading to crashes, data corruption, or security bypasses. |
| CWE-281 | Improper Preservation of Permissions | This vulnerability occurs when a system fails to correctly maintain file or object permissions during operations like copying, sharing, or restoring data. As a result, these resources can end up with weaker, more permissive security settings than the original owner intended. |
| CWE-282 | Improper Ownership Management | This vulnerability occurs when a system incorrectly assigns or fails to verify which user or process rightfully controls a specific object or resource. |
| CWE-283 | Unverified Ownership | This vulnerability occurs when an application fails to confirm that a user has legitimate ownership rights to a sensitive resource before allowing them to perform actions on it. |
| CWE-284 | Improper Access Control | The software fails to properly limit who can access a resource, allowing unauthorized users or systems to interact with it. |
| CWE-285 | Improper Authorization | This vulnerability occurs when an application fails to properly verify whether a user has permission to access specific data or perform certain actions before allowing the request. |
| CWE-286 | Incorrect User Management | This vulnerability occurs when an application incorrectly handles user accounts, roles, or group memberships, leading to improper access control. |
| CWE-300 | Channel Accessible by Non-Endpoint | This vulnerability occurs when a system fails to properly verify who is on the other end of a communication link or to secure the channel itself. This allows an unauthorized third party to access or manipulate the communication as if they were a legitimate participant. |
| CWE-341 | Predictable from Observable State | This vulnerability occurs when an attacker can guess or deduce sensitive values, like random numbers or identifiers, by observing predictable system or network characteristics such as timestamps, process IDs, or other public information. |
| CWE-359 | Exposure of Private Personal Information to an Unauthorized Actor | This vulnerability occurs when an application fails to adequately protect sensitive personal data, allowing access to individuals who either lack proper authorization or haven't provided necessary consent for its use. |
| CWE-403 | Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') | This vulnerability occurs when a parent process launches a child process without first closing sensitive file descriptors. The child process inherits these open handles, potentially gaining unauthorized access to files, sockets, or other resources it shouldn't be able to interact with. |
| CWE-419 | Unprotected Primary Channel | This vulnerability occurs when an application exposes a privileged administrative interface or restricted functionality through a primary channel (like a specific port, endpoint, or protocol) without implementing adequate security controls to protect it. |
| CWE-420 | Unprotected Alternate Channel | This vulnerability occurs when an application secures its main communication path but leaves a backup or alternative channel with weaker or no protection. |
| CWE-425 | Direct Request ('Forced Browsing') | This vulnerability occurs when a web application fails to verify user permissions for every protected page, file, or API endpoint, allowing attackers to access them directly. |
| CWE-426 | Untrusted Search Path | This vulnerability occurs when an application relies on an external search path, provided by a user or environment, to find and load critical resources like executables or libraries. Because the application does not fully control this path, an attacker can manipulate it to point to malicious files. |
| CWE-434 | Unrestricted Upload of File with Dangerous Type | This vulnerability occurs when an application accepts file uploads without properly restricting the file types, allowing attackers to upload and execute malicious files on the server. |
| CWE-527 | Exposure of Version-Control Repository to an Unauthorized Control Sphere | This vulnerability occurs when a version control repository, like Git or SVN, is accidentally placed in a location accessible to unauthorized users, such as a web server directory or a public archive. |
| CWE-528 | Exposure of Core Dump File to an Unauthorized Control Sphere | This vulnerability occurs when an application creates a core dump file (a snapshot of memory at the time of a crash) and places it in a location accessible to unauthorized users or systems. |
| CWE-529 | Exposure of Access Control List Files to an Unauthorized Control Sphere | This vulnerability occurs when an application stores sensitive access control list (ACL) files in a location that is accessible to unauthorized users or systems. |
| CWE-530 | Exposure of Backup File to an Unauthorized Control Sphere | This vulnerability occurs when backup or temporary files are stored in locations that unauthorized users can access, such as web directories. |
| CWE-538 | Insertion of Sensitive Information into Externally-Accessible File or Directory | This vulnerability occurs when an application unintentionally stores confidential data—like passwords, API keys, or personal user details—in a location that is publicly accessible or readable by unauthorized users. Even if the file itself is intended to be available, the sensitive information within it should not be. |
| CWE-551 | Incorrect Behavior Order: Authorization Before Parsing and Canonicalization | This vulnerability occurs when a web server checks access permissions before fully processing and normalizing a URL, potentially allowing attackers to bypass security controls. |
| CWE-552 | Files or Directories Accessible to External Parties | This vulnerability occurs when an application exposes files or directories to users who shouldn't have access to them. |
| CWE-566 | Authorization Bypass Through User-Controlled SQL Primary Key | This vulnerability occurs when an application allows a user to directly control the primary key value used in a SQL query, enabling them to access database records they are not authorized to view. |
| CWE-639 | Authorization Bypass Through User-Controlled Key | This vulnerability occurs when an application's authorization system fails to verify that a user is allowed to access specific data before retrieving it, allowing an attacker to access another user's information by manipulating an identifier they control. |
| CWE-642 | External Control of Critical State Data | This vulnerability occurs when an application stores security-sensitive state data in locations that unauthorized users can access and modify. |
| CWE-647 | Use of Non-Canonical URL Paths for Authorization Decisions | This vulnerability occurs when an application's authorization logic relies on specific URL paths but fails to enforce a single, standardized format. Attackers can bypass access controls by using alternative, equivalent URL formats that the system doesn't recognize as the same protected resource. |
| CWE-653 | Improper Isolation or Compartmentalization | This vulnerability occurs when an application fails to enforce strong boundaries between components that operate at different security levels, allowing lower-privileged functions to improperly interact with higher-privileged ones. |
| CWE-656 | Reliance on Security Through Obscurity | This weakness occurs when a system's primary defense relies on hiding how it works, rather than using a robust, well-tested security mechanism. If an attacker discovers the hidden details—like a secret algorithm or hardcoded key—the protection fails completely. |
| CWE-668 | Exposure of Resource to Wrong Sphere | This vulnerability occurs when an application unintentionally makes a resource accessible to users or systems that should not have permission to use it. |
| CWE-669 | Incorrect Resource Transfer Between Spheres | This vulnerability occurs when an application incorrectly moves or shares a resource (like data, permissions, or functionality) between different trust boundaries or security contexts. This improper transfer can give unintended actors control over that resource, leading to security breaches. |
| CWE-671 | Lack of Administrator Control over Security | This weakness occurs when a system's built-in security settings cannot be adjusted by its administrator. This prevents tailoring security to the specific deployment environment, forcing the system to operate at a lower or inappropriate security level than required. |
| CWE-673 | External Influence of Sphere Definition | The application allows external parties to modify its security boundaries or trusted zones, which should be defined and controlled internally. |
| CWE-708 | Incorrect Ownership Assignment | This vulnerability occurs when a system grants ownership of a resource to an entity that should not have that level of control, placing it outside the intended security boundary. |
| CWE-732 | Incorrect Permission Assignment for Critical Resource | This vulnerability occurs when a system grants overly permissive access to a sensitive resource, allowing unauthorized users or processes to read or alter it. |
| CWE-770 | Allocation of Resources Without Limits or Throttling | This vulnerability occurs when a system allows users or processes to request resources without any built-in caps or rate limits. Think of it as a buffet with no rules on how much one person can take, eventually leaving nothing for others and causing the system to fail. |
| CWE-782 | Exposed IOCTL with Insufficient Access Control | This vulnerability occurs when a system exposes an IOCTL (Input/Output Control) interface that performs sensitive operations, but fails to implement proper checks to verify which users or processes are allowed to call it. |
| CWE-827 | Improper Control of Document Type Definition | This vulnerability occurs when an application fails to properly restrict which Document Type Definitions (DTDs) can be referenced during XML parsing. Attackers can exploit this by injecting references to malicious DTDs, potentially leading to unauthorized file access, server-side request forgery (SSRF), or denial-of-service through resource exhaustion. |
| CWE-862 | Missing Authorization | This vulnerability occurs when an application fails to verify whether a user has permission to access specific data or execute certain actions before allowing the request to proceed. |
| CWE-863 | Incorrect Authorization | This vulnerability occurs when an application checks if a user is allowed to perform an action or access data, but the check is flawed or incomplete, allowing unauthorized access. |
| CWE-921 | Storage of Sensitive Data in a Mechanism without Access Control | This vulnerability occurs when an application saves sensitive information to a storage location that lacks proper access restrictions, allowing unauthorized users or applications to view or modify the data. |
| CWE-923 | Improper Restriction of Communication Channel to Intended Endpoints | This vulnerability occurs when a system opens a communication channel for a sensitive task but fails to properly verify that it's actually talking to the correct, intended destination. This allows a malicious actor to impersonate the legitimate endpoint. |
| CWE-939 | Improper Authorization in Handler for Custom URL Scheme | This vulnerability occurs when an app implements a custom URL scheme handler but fails to properly verify which other apps or sources are allowed to trigger it. |
| CWE-942 | Permissive Cross-domain Security Policy with Untrusted Domains | This vulnerability occurs when a web application's cross-domain security policy, like a Content Security Policy (CSP), explicitly allows communication with untrusted or overly permissive external domains. |
| CWE-1008 | Architectural Concepts | This view organizes weaknesses according to common architectural security tactics. It is intended to assist architects in identifying potential mistakes that can be made when designing software. |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.