Authorize Actors

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be ...

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

The product uses a database table that includes records that should not be accessible to an actor, but it executes a SQL statement with a primary key that can be contr...

The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a...

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

The product implements an IOCTL with functionality that should be restricted, but it does not properly enforce access control for the IOCTL.

The product stores access control list files in a directory or other container that is accessible to actors outside of the intended control sphere.

A backup file is stored in a directory or archive that is made accessible to unauthorized actors.

The product generates a core dump file in a directory, archive, or other resource that is stored, transferred, or otherwise made accessible to unauthorized actors.

A process does not close sensitive file descriptors before invoking a child process, which allows the child to perform unauthorized I/O operations using those descript...

The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the...

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

The product stores a CVS, git, or other repository in a directory, archive, or other resource that is stored, transferred, or otherwise made accessible to unauthorized...

The product stores security-critical state information about its users, or the product itself, in a location that is accessible to unauthorized actors.

One or more system settings or configuration elements can be externally controlled by a user.

The product does not prevent the definition of control spheres from external actors.

The product makes files or directories accessible to unauthorized actors, even though they should not be.

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

The product uses a handler for a custom URL scheme, but it does not properly restrict which actors can invoke the handler using the scheme.

The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.

The product does not restrict a reference to a Document Type Definition (DTD) to the intended control sphere. This might allow attackers to reference arbitrary DTDs, p...

The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may...

The product does not handle or incorrectly handles when it has insufficient privileges to perform an operation, leading to resultant weaknesses.

The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.

The product assigns the wrong ownership, or does not properly verify the ownership, of an object or resource.

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restricti...

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicati...

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows ...

If a web server does not fully parse requested URLs before it examines them for authorization, it may be possible for an attacker to bypass authorization protection.

During installation, installed file permissions are set to allow anyone to modify those files.

While it is executing, the product sets the permissions of an object in a way that violates the intended permissions that have been specified by the user.

The product assigns an owner to a resource, but the owner is outside of the intended control sphere.

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides ...

The product does not properly manage a user within its environment.

A product defines a set of insecure permissions that are inherited by objects that are created by the program.

The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive ...

The product uses security features in a way that prevents the product's administrator from tailoring security settings to reflect the environment in which the product ...

The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed.

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

The product uses a cross-domain policy file that includes domains that should not be trusted.

A number or object is predictable based on observations that the attacker can make about the state of the system or network, such as time, process ID, etc.

Two distinct privileges, roles, capabilities, or rights can be combined in a way that allows an entity to perform unsafe actions that would not be allowed without that...

The product does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.

A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.

The product does not drop privileges before passing control of a resource to an actor that does not have those privileges.

Executing commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute malicious commands (and payloads) o...

The product uses a protection mechanism whose strength depends heavily on its obscurity, such that knowledge of its algorithms or key data is sufficient to defeat the ...

The product stores sensitive data under the FTP server root with insufficient access control, which might make it accessible to untrusted parties.

The product stores sensitive data under the web document root with insufficient access control, which might make it accessible to untrusted parties.

The product stores sensitive information in a file system or device that does not have built-in access control.

The product protects a primary channel, but it does not use the same level of protection for an alternate channel.

The product uses a primary channel for administration or restricted functionality, but it does not properly protect the channel.

The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

The product does not properly verify that a critical resource is owned by the proper entity.

The product defines policy namespaces and makes authorization decisions based on the assumption that a URL is canonical. This can allow a non-canonical URL to bypass t...

This view organizes weaknesses according to common architectural security tactics. It is intended to assist architects in identifying potential mistakes that can be ma...