Incorrect User Management |
Weakness ID: 286 (Weakness Class) | Status: Incomplete |
Description Summary
The software does not properly manage a user within its environment.
Extended Description
Users can be assigned to the wrong group (class) of permissions resulting in unintended access rights to sensitive objects.
Nature | Type | ID | Name | View(s) this relationship pertains to |
---|---|---|---|---|
ChildOf | Category | 264 | Permissions, Privileges, and Access Controls | Development Concepts (primary)699 |
ChildOf | Weakness Class | 664 | Improper Control of a Resource Through its Lifetime | Research Concepts (primary)1000 |
CanAlsoBe | Weakness Base | 266 | Incorrect Privilege Assignment | Research Concepts1000 |
The relationships between privileges, permissions, and actors (e.g. users and groups) need further refinement within the Research view. One complication is that these concepts apply to two different pillars, related to control of resources (CWE-664) and protection mechanism failures (CWE-396). |
This item needs more work. Possible sub-categories include: user in wrong group, and user with insecure profile or "configuration". It also might be better expressed as a category than a weakness. |
Submissions | ||||
---|---|---|---|---|
Submission Date | Submitter | Organization | Source | |
PLOVER | Externally Mined | |||
Modifications | ||||
Modification Date | Modifier | Organization | Source | |
2008-07-01 | Eric Dalci | Cigital | External | |
updated Time of Introduction | ||||
2008-09-08 | CWE Content Team | MITRE | Internal | |
updated Description, Maintenance Notes, Name, Relationships, Taxonomy Mappings | ||||
Previous Entry Names | ||||
Change Date | Previous Entry Name | |||
2008-09-09 | User Management Issues | |||