Failure to Protect Alternate Path
Weakness ID: 424 (Weakness Class)Status: Draft
+ Description

Description Summary

The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources.
+ Time of Introduction
  • Architecture and Design
+ Applicable Platforms



+ Potential Mitigations

Malicious users are likely to attack the weakest link.

Deploy different layers of protection to implement security in depth.

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfCategoryCategory417Channel and Path Errors
Development Concepts (primary)699
ChildOfWeakness ClassWeakness Class638Failure to Use Complete Mediation
Research Concepts (primary)1000
ChildOfWeakness ClassWeakness Class693Protection Mechanism Failure
Research Concepts1000
ParentOfWeakness BaseWeakness Base425Direct Request ('Forced Browsing')
Development Concepts (primary)699
Research Concepts1000
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
PLOVERAlternate Path Errors
+ Content History
Submission DateSubmitterOrganizationSource
PLOVERExternally Mined
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Potential Mitigations, Time of Introduction
2008-09-08CWE Content TeamMITREInternal
updated Relationships, Other Notes, Taxonomy Mappings
2009-10-29CWE Content TeamMITREInternal
updated Other Notes
Previous Entry Names
Change DatePrevious Entry Name
2008-04-11Alternate Path Errors