SFP Primary Cluster: Privilege
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Summary
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
This category identifies Software Fault Patterns (SFPs) within the Privilege cluster (SFP36).
Weaknesses
The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of o...
The software does not handle or incorrectly handles when it has insufficient privileges to perform an operation, leading to resultant weaknesses.
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
The product does not sufficiently compartmentalize functionality or processes that require different privilege levels, rights, or permissions.
If elevated access rights are assigned to EJB methods, then an attacker can take advantage of the permissions to exploit the software system.
The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed.
Allowing a .NET application to run at potentially escalated levels of access to the underlying operating and file systems can be dangerous and result in various forms ...
Two distinct privileges, roles, capabilities, or rights can be combined in a way that allows an entity to perform unsafe actions that would not be allowed without that...
The software does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.
A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.
The software does not drop privileges before passing control of a resource to an actor that does not have those privileges.
Concepts
CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs).
Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website is subject to the Terms of Use as specified by The MITRE Corporation.