CWE-269 Detail

CWE-269

Improper Privilege Management
MEDIUM
Draft
2006-07-19 00:00 +00:00
2024-11-19 00:00 +00:00

Alerte pour un CWE

Stay informed of any changes for a specific CWE.
Alert management

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Informations

Modes Of Introduction

Architecture and Design
Implementation : REALIZATION: This weakness is caused during implementation of an architectural security tactic.
Operation

Applicable Platforms

Language

Class: Not Language-Specific (Undetermined)

Common Consequences

Scope Impact Likelihood
Access ControlGain Privileges or Assume Identity

Observed Examples

Reference Description
CVE-2001-1555Terminal privileges are not reset when a user logs out.
CVE-2001-1514Does not properly pass security context to child processes in certain cases, allows privilege escalation.
CVE-2001-0128Does not properly compute roles.
CVE-1999-1193untrusted user placed in unix "wheel" group
CVE-2005-2741Product allows users to grant themselves certain rights that can be used to escalate privileges.
CVE-2005-2496Product uses group ID of a user instead of the group, causing it to run with different privileges. This is resultant from some other unknown issue.
CVE-2004-0274Product mistakenly assigns a particular status to an entity, leading to increased privileges.
CVE-2007-4217FTP client program on a certain OS runs with setuid privileges and has a buffer overflow. Most clients do not need extra privileges, so an overflow is not a vulnerability for those clients.
CVE-2007-5159OS incorrectly installs a program with setuid privileges, allowing users to gain privileges.
CVE-2008-4638Composite: application running with high privileges (CWE-250) allows user to specify a restricted file to process, which generates a parsing error that leaks the contents of the file (CWE-209).
CVE-2007-3931Installation script installs some programs as setuid when they shouldn't be.
CVE-2002-1981Roles have access to dangerous procedures (Accessible entities).
CVE-2002-1671Untrusted object/method gets access to clipboard (Accessible entities).
CVE-2000-0315Traceroute program allows unprivileged users to modify source address of packet (Accessible entities).
CVE-2000-0506User with capability can prevent setuid program from dropping privileges (Unsafe privileged actions).

Potential Mitigations

Phases : Architecture and Design // Operation
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Phases : Architecture and Design
Follow the principle of least privilege when assigning access rights to entities in a software system.
Phases : Architecture and Design
Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.

Detection Methods

Automated Static Analysis

Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
Effectiveness : High

Vulnerability Mapping Notes

Rationale : CWE-269 is commonly misused. It can be conflated with "privilege escalation," which is a technical impact that is listed in many low-information vulnerability reports [REF-1287]. It is not useful for trend analysis.
Comments : If an error or mistake allows privilege escalation, then use the CWE ID for that mistake. Avoid using CWE-269 when only phrases such as "privilege escalation" or "gain privileges" are available, as these indicate technical impact of the vulnerability - not the root cause weakness. If the root cause seems to be directly related to privileges, then examine the children of CWE-269 for additional hints, such as Execution with Unnecessary Privileges (CWE-250) or Incorrect Privilege Assignment (CWE-266).

Related Attack Patterns

CAPEC-ID Attack Pattern Name
CAPEC-122 Privilege Abuse
An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.
CAPEC-233 Privilege Escalation
An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.
CAPEC-58 Restful Privilege Elevation
An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.

Notes

The relationships between privileges, permissions, and actors (e.g. users and groups) need further refinement within the Research view. One complication is that these concepts apply to two different pillars, related to control of resources (CWE-664) and protection mechanism failures (CWE-693).

References

REF-44

24 Deadly Sins of Software Security
Michael Howard, David LeBlanc, John Viega.

REF-62

The Art of Software Security Assessment
Mark Dowd, John McDonald, Justin Schuh.

REF-1287

Supplemental Details - 2022 CWE Top 25
MITRE.
https://cwe.mitre.org/top25/archive/2022/2022_cwe_top25_supplemental.html#problematicMappingDetails

Submission

Name Organization Date Date Release Version
PLOVER 2006-07-19 +00:00 2006-07-19 +00:00 Draft 3

Modifications

Name Organization Date Comment
Eric Dalci Cigital 2008-07-01 +00:00 updated Time_of_Introduction
CWE Team 2008-09-08 +00:00 Moved this entry higher up in the Research view.
CWE Content Team MITRE 2008-09-08 +00:00 updated Description, Maintenance_Notes, Name, Relationships, Taxonomy_Mappings, Weakness_Ordinalities
CWE Content Team MITRE 2009-05-27 +00:00 updated Name
CWE Content Team MITRE 2009-12-28 +00:00 updated Potential_Mitigations
CWE Content Team MITRE 2010-06-21 +00:00 updated Potential_Mitigations
CWE Content Team MITRE 2011-03-29 +00:00 updated Description, Relationships
CWE Content Team MITRE 2011-06-01 +00:00 updated Common_Consequences
CWE Content Team MITRE 2012-05-11 +00:00 updated References, Relationships
CWE Content Team MITRE 2012-10-30 +00:00 updated Potential_Mitigations
CWE Content Team MITRE 2013-02-21 +00:00 updated Potential_Mitigations
CWE Content Team MITRE 2017-11-08 +00:00 updated Applicable_Platforms, Causal_Nature, Modes_of_Introduction, Relationships, Type
CWE Content Team MITRE 2019-06-20 +00:00 updated Related_Attack_Patterns, Relationships
CWE Content Team MITRE 2019-09-19 +00:00 updated Demonstrative_Examples, Maintenance_Notes, Observed_Examples, Relationships
CWE Content Team MITRE 2020-02-24 +00:00 updated Observed_Examples, Relationships
CWE Content Team MITRE 2020-08-20 +00:00 updated Relationships
CWE Content Team MITRE 2021-03-15 +00:00 updated Demonstrative_Examples
CWE Content Team MITRE 2021-10-28 +00:00 updated Relationships
CWE Content Team MITRE 2022-04-28 +00:00 updated Relationships
CWE Content Team MITRE 2022-10-13 +00:00 updated References
CWE Content Team MITRE 2023-01-31 +00:00 updated Description
CWE Content Team MITRE 2023-04-27 +00:00 updated Detection_Factors, Relationships
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes, Relationships, Taxonomy_Mappings
CWE Content Team MITRE 2024-07-16 +00:00 updated Diagram
CWE Content Team MITRE 2024-11-19 +00:00 updated Relationships
Click on the button to the left (OFF), to authorize the inscription of cookie improving the functionalities of the site. Click on the button to the left (Accept all), to unauthorize the inscription of cookie improving the functionalities of the site.