CWE 723

OWASP Top Ten 2004 Category A2 - Broken Access Control

Category ID: 723 (Category)

Status: Incomplete

Description

Description Summary

Weaknesses in this category are related to the A2 category in the OWASP Top Ten 2004.

Relationships

Nature	Type	ID	Name	View(s) this relationship pertains to
ParentOf	Weakness Variant	9	J2EE Misconfiguration: Weak Access Permissions for EJB Methods	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Class	22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Base	41	Improper Resolution of Path Equivalence	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Class	73	External Control of File Name or Path	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Base	266	Incorrect Privilege Assignment	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Base	268	Privilege Chaining	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Category	275	Permission Issues	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Base	283	Unverified Ownership	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Class	284	Access Control (Authorization) Issues	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Class	285	Improper Access Control (Authorization)	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Class	330	Use of Insufficiently Random Values	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Base	425	Direct Request ('Forced Browsing')	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Variant	525	Information Leak Through Browser Caching	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Base	551	Incorrect Behavior Order: Authorization Before Parsing and Canonicalization	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Variant	556	ASP.NET Misconfiguration: Use of Identity Impersonation	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Base	639	Access Control Bypass Through User-Controlled Key	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Base	708	Incorrect Ownership Assignment	Weaknesses in OWASP Top Ten (2004) (primary)711
MemberOf	View	711	Weaknesses in OWASP Top Ten (2004)	Weaknesses in OWASP Top Ten (2004) (primary)711

References

OWASP. "A2 Broken Access Control". 2007. <http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=70827>.

Content History

Submissions
Submission Date	Submitter	Organization	Source
2008-08-15		Veracode	External Submission
2008-08-15	Suggested creation of view and provided mappings
Modifications
Modification Date	Modifier	Organization	Source
2009-03-10	CWE Content Team	MITRE	Internal
2009-03-10	updated Relationships

CWE 723

COMPANY

STANDARDS

RECENT POSTS

MENU