CWE-284 - Improper Access Control


To provide the necessary control and security, every system relies on a few protection mechanisms: authentication (verifying a user's identity), authorization (confirming that the user is allowed to access a resource), and accountability (recording activity).
If at least one of these mechanisms is misused or stops working, attackers can put the software at risk by gaining privileges, accessing resources, executing commands, evading detection, etc.
Problems with protection mechanisms show up in two ways:
1. Specification: Activities that should be carried out only by an administrator or a program become available to all users.
2. Enforcement: Errors in the program lead to violations of the defined access control requirements (e.g. a user can define their own privileges or permit insecure activities themselves).
The weakness is introduced during the Operation, Architecture and Design, and Implementation stages.
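
The enforcement case above (a user defining their own privileges), shown as an added example that is not part of the original page: a profile update handler that applies every submitted field, beside a version that authorizes each field and records the decision. The `User` model, the field policy and all function names are hypothetical.

```python
from dataclasses import dataclass

SELF_EDITABLE = {"email"}  # assumed policy: a user may change this on their own account
ADMIN_ONLY = {"role"}      # assumed policy: only an administrator may change this


class AccessDenied(Exception):
    pass


@dataclass
class User:
    name: str
    role: str = "user"
    email: str = ""


def update_profile_weak(actor, target, changes):
    # Enforcement error: every submitted field is applied, "role" included,
    # and nothing checks whether actor may edit target.
    for key, value in changes.items():
        setattr(target, key, value)


def update_profile_checked(actor, target, changes, audit):
    # Authorize every field before applying any, so a denied request changes nothing.
    for key in changes:
        is_admin = actor.role == "admin"
        if key in ADMIN_ONLY:
            allowed = is_admin
        elif key in SELF_EDITABLE:
            allowed = is_admin or actor is target
        else:
            allowed = False  # unknown fields are denied by default
        # Accountability: record each decision, allowed or not.
        audit.append((actor.name, target.name, key, "allow" if allowed else "deny"))
        if not allowed:
            raise AccessDenied(f"{actor.name} may not change {key!r} of {target.name}")
    for key, value in changes.items():
        setattr(target, key, value)


if __name__ == "__main__":
    # Constructed sample request: a regular user submits a role change for themselves.
    audit = []
    mallory = User("mallory")
    try:
        update_profile_checked(mallory, mallory, {"role": "admin"}, audit)
    except AccessDenied as exc:
        print("denied:", exc, audit)
```

The audit list keeps the denied attempt as well as the allowed ones, which is what lets the accountability mechanism surface the request afterwards.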

Description of CWE-284 on the MITRE website