Unverified Ownership
Weakness ID: 283 (Weakness Base) | Status: Draft
Description Summary
The software does not properly verify that a critical resource is owned by the proper entity.
Reference | Description |
---|---|
CVE-2001-0178 | Program does not verify the owner of a UNIX socket that is used for sending a password. |
CVE-2004-2012 | Owner of special device not checked, allowing root. |
Potential Mitigations
Very carefully manage the setting, management and handling of privileges. Explicitly manage trust zones in the software.
Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
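An added example, not part of the CWE entry: checking ownership on the opened descriptor before a file or device is used, so the check applies to the object actually opened. The helper name `open_if_owned_by`, the sample path and the extra write-permission check are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open `path` and return a descriptor only if the
 * object is owned by `expected_owner`. Returns -1 on any failure. */
int open_if_owned_by(const char *path, uid_t expected_owner)
{
    /* O_NOFOLLOW: refuse a symlink planted at the final path component.
     * O_NONBLOCK: do not hang if the path turns out to be a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;
    struct stat st;
    /* fstat() inspects the object that was actually opened, so the
     * answer cannot go stale the way a stat(path) before open() can. */
    if (fstat(fd, &st) != 0 || st.st_uid != expected_owner) {
        close(fd);
        return -1;
    }
    /* Added policy (assumption): anyone else with write access could
     * alter the resource, so ownership alone is not treated as enough. */
    if (st.st_mode & (S_IWGRP | S_IWOTH)) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    char path[] = "/tmp/cwe283-demo-XXXXXX";   /* constructed sample file */
    int tmp = mkstemp(path);                   /* created with mode 0600 */
    if (tmp < 0) return 1;
    int ok = open_if_owned_by(path, getuid());
    int bad = open_if_owned_by(path, getuid() + 1);
    printf("own uid: %s\n", ok >= 0 ? "accepted" : "rejected");
    printf("other uid: %s\n", bad >= 0 ? "accepted" : "rejected");
    if (ok >= 0) close(ok);
    close(tmp);
    unlink(path);
    return 0;
}
```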
Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to |
---|---|---|---|---|
ChildOf | Weakness Class | 282 | Improper Ownership Management | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
ChildOf | Weakness Class | 703 | Failure to Handle Exceptional Conditions | Research Concepts 1000 |
ChildOf | Category | 723 | OWASP Top Ten 2004 Category A2 - Broken Access Control | Weaknesses in OWASP Top Ten (2004) (primary) 711 |
CanAlsoBe | Category | 264 | Permissions, Privileges, and Access Controls | Research Concepts 1000 |
CanAlsoBe | Weakness Class | 345 | Insufficient Verification of Data Authenticity | Research Concepts 1000 |
Relationship Notes
This overlaps insufficient comparison, verification errors, permissions, and privileges.
Submissions
Submission Date | Submitter | Organization | Source |
---|---|---|---|
 | PLOVER | | Externally Mined |

Modifications
Modification Date | Modifier | Organization | Source |
---|---|---|---|
2008-07-01 | Eric Dalci | Cigital | External |
updated Time of Introduction | | | |
2008-09-08 | CWE Content Team | MITRE | Internal |
updated Relationships, Relationship Notes, Taxonomy Mappings | | | |
2009-03-10 | CWE Content Team | MITRE | Internal |
updated Relationships | | | |
2009-12-28 | CWE Content Team | MITRE | Internal |
updated Potential Mitigations | | | |