CWE-283

Unverified Ownership

The product does not properly verify that a critical resource is owned by the proper entity.

Mitigation ID: MIT-1

Phases: Architecture and Design, Operation

Description:

  • Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation ID: MIT-49

Phase: Architecture and Design

Strategy: Separation of Privilege

Description:

  • Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.

No CAPEC attack patterns related to this CWE.

Back to CWE stats page