CWE Category: Authorize Actors
Category ID: 1011
Vulnerability Mapping: Prohibited
Status: Draft
Summary

Weaknesses in this category are related to the design and architecture of a system's authorization components. Frequently these deal with enforcing that agents have the required permissions before performing certain operations, such as modifying data. The weaknesses in this category could lead to a degradation of quality of the authorization capability if they are not addressed when designing or implementing a secure architecture.

Membership

| Nature    | Mapping             | Type    | ID   | Name |
|-----------|---------------------|---------|------|------|
| MemberOf  | Prohibited          | View    | 1008 | Architectural Concepts |
| HasMember | Discouraged         | Class   | 114  | Process Control |
| HasMember | Allowed             | Base    | 15   | External Control of System or Configuration Setting |
| HasMember | Allowed             | Variant | 219  | Storage of File with Sensitive Data Under Web Root |
| HasMember | Allowed             | Variant | 220  | Storage of File With Sensitive Data Under FTP Root |
| HasMember | Allowed             | Base    | 266  | Incorrect Privilege Assignment |
| HasMember | Allowed             | Base    | 267  | Privilege Defined With Unsafe Actions |
| HasMember | Allowed             | Base    | 268  | Privilege Chaining |
| HasMember | Discouraged         | Class   | 269  | Improper Privilege Management |
| HasMember | Allowed             | Base    | 270  | Privilege Context Switching Error |
| HasMember | Allowed-with-Review | Class   | 271  | Privilege Dropping / Lowering Errors |
| HasMember | Allowed             | Base    | 272  | Least Privilege Violation |
| HasMember | Allowed             | Base    | 273  | Improper Check for Dropped Privileges |
| HasMember | Discouraged         | Base    | 274  | Improper Handling of Insufficient Privileges |
| HasMember | Allowed             | Base    | 276  | Incorrect Default Permissions |
| HasMember | Allowed             | Variant | 277  | Insecure Inherited Permissions |
| HasMember | Allowed             | Variant | 279  | Incorrect Execution-Assigned Permissions |
| HasMember | Allowed             | Base    | 280  | Improper Handling of Insufficient Permissions or Privileges |
| HasMember | Allowed             | Base    | 281  | Improper Preservation of Permissions |
| HasMember | Allowed-with-Review | Class   | 282  | Improper Ownership Management |
| HasMember | Allowed             | Base    | 283  | Unverified Ownership |
| HasMember | Discouraged         | Pillar  | 284  | Improper Access Control |
| HasMember | Discouraged         | Class   | 285  | Improper Authorization |
| HasMember | Allowed-with-Review | Class   | 286  | Incorrect User Management |
| HasMember | Discouraged         | Class   | 300  | Channel Accessible by Non-Endpoint |
| HasMember | Allowed             | Base    | 341  | Predictable from Observable State |
| HasMember | Allowed             | Base    | 359  | Exposure of Private Personal Information to an Unauthorized Actor |
| HasMember | Allowed             | Base    | 403  | Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') |
| HasMember | Allowed             | Base    | 419  | Unprotected Primary Channel |
| HasMember | Allowed             | Base    | 420  | Unprotected Alternate Channel |
| HasMember | Allowed             | Base    | 425  | Direct Request ('Forced Browsing') |
| HasMember | Allowed-with-Review | Base    | 426  | Untrusted Search Path |
| HasMember | Allowed             | Base    | 434  | Unrestricted Upload of File with Dangerous Type |
| HasMember | Allowed             | Variant | 527  | Exposure of Version-Control Repository to an Unauthorized Control Sphere |
| HasMember | Allowed             | Variant | 528  | Exposure of Core Dump File to an Unauthorized Control Sphere |
| HasMember | Allowed             | Variant | 529  | Exposure of Access Control List Files to an Unauthorized Control Sphere |
| HasMember | Allowed             | Variant | 530  | Exposure of Backup File to an Unauthorized Control Sphere |
| HasMember | Allowed             | Base    | 538  | Insertion of Sensitive Information into Externally-Accessible File or Directory |
| HasMember | Allowed             | Base    | 551  | Incorrect Behavior Order: Authorization Before Parsing and Canonicalization |
| HasMember | Allowed             | Base    | 552  | Files or Directories Accessible to External Parties |
| HasMember | Allowed             | Variant | 566  | Authorization Bypass Through User-Controlled SQL Primary Key |
| HasMember | Allowed             | Base    | 639  | Authorization Bypass Through User-Controlled Key |
| HasMember | Allowed-with-Review | Class   | 642  | External Control of Critical State Data |
| HasMember | Allowed             | Variant | 647  | Use of Non-Canonical URL Paths for Authorization Decisions |
| HasMember | Allowed             | Class   | 653  | Improper Isolation or Compartmentalization |
| HasMember | Allowed-with-Review | Class   | 656  | Reliance on Security Through Obscurity |
| HasMember | Discouraged         | Class   | 668  | Exposure of Resource to Wrong Sphere |
| HasMember | Allowed-with-Review | Class   | 669  | Incorrect Resource Transfer Between Spheres |
| HasMember | Allowed-with-Review | Class   | 671  | Lack of Administrator Control over Security |
| HasMember | Allowed-with-Review | Class   | 673  | External Influence of Sphere Definition |
| HasMember | Allowed             | Base    | 708  | Incorrect Ownership Assignment |
| HasMember | Allowed-with-Review | Class   | 732  | Incorrect Permission Assignment for Critical Resource |
| HasMember | Allowed             | Base    | 770  | Allocation of Resources Without Limits or Throttling |
| HasMember | Allowed             | Variant | 782  | Exposed IOCTL with Insufficient Access Control |
| HasMember | Allowed             | Variant | 827  | Improper Control of Document Type Definition |
| HasMember | Allowed-with-Review | Class   | 862  | Missing Authorization |
| HasMember | Allowed-with-Review | Class   | 863  | Incorrect Authorization |
| HasMember | Allowed             | Base    | 921  | Storage of Sensitive Data in a Mechanism without Access Control |
| HasMember | Allowed-with-Review | Class   | 923  | Improper Restriction of Communication Channel to Intended Endpoints |
| HasMember | Allowed             | Base    | 939  | Improper Authorization in Handler for Custom URL Scheme |
| HasMember | Allowed             | Variant | 942  | Permissive Cross-domain Policy with Untrusted Domains |
Vulnerability Mapping Notes

Usage: Prohibited
Reason:
Rationale: This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments: See member weaknesses of this category.
