ClassDraft

CWE-638Not Using Complete Mediation

Category: other

Description

The product does not perform access checks on a resource every time the resource is accessed by an entity, which can create resultant weaknesses if that entity's rights or privileges change over time.

Common consequences· 1

  • Integrity / Confidentiality / Availability / Access Control / Other — Gain Privileges or Assume Identity, Execute Unauthorized Code or Commands, Bypass Protection Mechanism, Read Application Data, Other
    A user might retain access to a critical resource even after privileges have been revoked, possibly allowing access to privileged functionality or sensitive information, depending on the role of the resource.

Potential mitigations· 2

  • [Architecture and Design]Invalidate cached privileges, file handles or descriptors, or other access credentials whenever identities, processes, policies, roles, capabilities or permissions change. Perform complete authentication checks before accepting, caching and reusing data, dynamic content and code (scripts). Avoid caching access control decisions as much as possible.
  • [Architecture and Design]Identify all possible code paths that might access sensitive resources. If possible, create and use a single interface that performs the access checks, and develop code standards that require use of this interface.

Related CAPEC attack patterns· 1

CAPEC-104

References

  1. https://cwe.mitre.org/data/definitions/638.html

Exploits (incoming)1

TypeTargetConfidenceTier
AttackPatternCross Zone Scriptingcapec-104100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Missing Authorization
CWE
Insufficient Granularity of Access Control
CWE
Improper Access Control
CWE
Improper Privilege Management
CWE
Improper Protection of Alternate Path
CWE
Improper Restriction of Communication Channel to Intended Endpoints
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.