Base · Draft

CWE-1267: Policy Uses Obsolete Encoding

Category: other

Description

The product uses an obsolete encoding mechanism to implement access controls.

Common consequences · 1

  • Confidentiality / Integrity / Availability / Access Control — Modify Memory, Read Memory, Modify Files or Directories, Read Files or Directories, DoS: Resource Consumption (Other), Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity, Bypass Protection Mechanism, Reduce Reliability

Potential mitigations · 1

  • [Architecture and Design, Implementation]

Related CAPEC attack patterns · 2

  • CAPEC-121
  • CAPEC-681

References

  1. https://cwe.mitre.org/data/definitions/1267.html

Exploits (incoming) · 2

Type | Target | Confidence | Tier
AttackPattern | Exploit Non-Production Interfaces (capec-121) | 100% | live
AttackPattern | Exploitation of Improperly Controlled Hardware Security Identifiers (capec-681) | 100% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Inadequate Encryption Strength
  • CWE: Use of a Broken or Risky Cryptographic Algorithm
  • CWE: Improper Access Control
  • CWE: Use of Hard-coded Cryptographic Key
  • CWE: Use of a Cryptographic Primitive with a Risky Implementation
  • CWE: Storage of Sensitive Data in a Mechanism without Access Control

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.