SFP Primary Cluster: Privilege
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Summary
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
This category identifies Software Fault Patterns (SFPs) within the Privilege cluster (SFP36).
Weaknesses
The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of ot...
The product does not handle or incorrectly handles when it has insufficient privileges to perform an operation, leading to resultant weaknesses.
The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
If elevated access rights are assigned to EJB methods, then an attacker can take advantage of the permissions to exploit the product.
The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed.
Allowing a .NET application to run at potentially escalated levels of access to the underlying operating and file systems can be dangerous and result in various forms ...
Two distinct privileges, roles, capabilities, or rights can be combined in a way that allows an entity to perform unsafe actions that would not be allowed without that...
The product does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.
A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.
The product does not drop privileges before passing control of a resource to an actor that does not have those privileges.
Concepts
CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs).
Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website is subject to the Terms of Use as specified by The MITRE Corporation.