Lack of Administrator Control over Security
Weakness ID: 671 (Weakness Class)
Status: Draft
+ Description

Description Summary

The product uses security features in a way that prevents the product's administrator from tailoring security settings to reflect the environment in which the product is being used. This introduces resultant weaknesses or prevents the product from operating at the level of security desired by the administrator.

Extended Description

If the product's administrator does not have the ability to manage security-related decisions at all times, then protecting the product from outside threats - including the product's developer - can become impossible. For example, a hard-coded account name and password cannot be changed by the administrator, thus exposing that product to attacks that the administrator cannot prevent.
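The hard-coded account case above, next to a form the administrator can control, as an added example that is not part of the CWE entry. The account names, passwords, file name and function names are all constructed for illustration.

```python
import hashlib, hmac, json, os, tempfile

# Weak form: the account is fixed in the shipped code, so the administrator
# cannot change, rotate or disable it. Values are constructed for this example.
HARDCODED_USER, HARDCODED_PASSWORD = "service", "constructed-example-pw"

def login_hardcoded(user, password):
    return user == HARDCODED_USER and hmac.compare_digest(password.encode(), HARDCODED_PASSWORD.encode())

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000).hex()

def set_account(path, user, password):
    """Administrator action: create or rotate the account in a config file."""
    salt = os.urandom(16)
    record = {"user": user, "salt": salt.hex(), "hash": _hash(password, salt)}
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)  # owner-only
    with os.fdopen(fd, "w") as fh:
        json.dump(record, fh)

def login_configured(path, user, password):
    """Check against the administrator-managed record; no built-in fallback."""
    try:
        with open(path) as fh:
            rec = json.load(fh)
        expected = _hash(password, bytes.fromhex(rec["salt"]))
        ok_user = hmac.compare_digest(user.encode(), rec["user"].encode())
        ok_pw = hmac.compare_digest(expected.encode(), rec["hash"].encode())
    except (OSError, ValueError, KeyError, TypeError, AttributeError):
        return False  # missing or malformed config: fail closed
    return ok_user and ok_pw

def demo():
    path = os.path.join(tempfile.mkdtemp(), "account.json")
    out = {"before_setup": login_configured(path, "service", "constructed-example-pw")}
    set_account(path, "ops-admin", "first-constructed-pw")
    out["after_setup"] = login_configured(path, "ops-admin", "first-constructed-pw")
    set_account(path, "ops-admin", "rotated-constructed-pw")  # administrator rotates
    out["old_after_rotation"] = login_configured(path, "ops-admin", "first-constructed-pw")
    out["new_after_rotation"] = login_configured(path, "ops-admin", "rotated-constructed-pw")
    # The hard-coded account is unaffected by anything the administrator did.
    out["hardcoded_still_works"] = login_hardcoded("service", "constructed-example-pw")
    return out

if __name__ == "__main__":
    print(demo())
```
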

+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Relationships
| Nature | Type | ID | Name | View(s) this relationship pertains to |
| --- | --- | --- | --- | --- |
| ChildOf | Weakness Class | 657 | Violation of Secure Design Principles | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| ParentOf | Weakness Base | 259 | Use of Hard-coded Password | Research Concepts 1000 |
| ParentOf | Weakness Base | 321 | Use of Hard-coded Cryptographic Key | Research Concepts 1000 |
| ParentOf | Weakness Base | 447 | Unimplemented or Unsupported Feature in UI | Research Concepts (primary) 1000 |
| ParentOf | Weakness Base | 798 | Use of Hard-coded Credentials | Research Concepts 1000 |
+ Relevant Properties
  • Accessibility
+ Content History
| Modification Date | Modifier | Organization | Source | |
| --- | --- | --- | --- | --- |
| 2008-07-01 | Eric Dalci | Cigital | External | updated Time of Introduction |
| 2008-09-08 | CWE Content Team | MITRE | Internal | updated Description, Relationships |
| 2009-01-12 | CWE Content Team | MITRE | Internal | updated Description, Name |
Previous Entry Names

| Change Date | Previous Entry Name |
| --- | --- |
| 2009-01-12 | Design Principle Violation: Lack of Administrator Control over Security |