CWE-782

Exposed IOCTL with Insufficient Access Control

The product implements an IOCTL with functionality that should be restricted, but it does not properly enforce access control for the IOCTL.

Mitigation

Phase: Architecture and Design

Description:

  • In Windows environments, use proper access control for the associated device or device namespace. See References.
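A complementary audit to the device ACL, added here as an example and not part of the CWE entry: each Windows IOCTL code carries a RequiredAccess field (bits 14-15 of the `CTL_CODE` layout), and the I/O manager dispatches a `FILE_ANY_ACCESS` code for any handle opened on the device. The sketch below decodes control codes and counts those that rely solely on the device ACL and the driver's own checks; the sample codes and helper names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* RequiredAccess values used by the Windows CTL_CODE macro. */
#define FILE_ANY_ACCESS   0u
#define FILE_READ_ACCESS  1u
#define FILE_WRITE_ACCESS 2u

/* Same bit layout as CTL_CODE(DeviceType, Function, Method, Access). */
#define MAKE_CTL_CODE(type, fn, method, access)                  \
    (((uint32_t)(type) << 16) | ((uint32_t)(access) << 14) |     \
     ((uint32_t)(fn) << 2) | (uint32_t)(method))

typedef struct {
    uint32_t device_type, access, function, method;
} ioctl_fields;

/* Split a 32-bit control code into its four fields. */
ioctl_fields decode_ioctl(uint32_t code) {
    ioctl_fields f;
    f.device_type = (code >> 16) & 0xFFFFu;
    f.access      = (code >> 14) & 0x3u;
    f.function    = (code >> 2) & 0xFFFu;
    f.method      = code & 0x3u;
    return f;
}

/* Count codes that require no specific access on the handle. */
int count_any_access(const uint32_t *codes, int n) {
    int hits = 0;
    for (int i = 0; i < n; i++)
        if (decode_ioctl(codes[i]).access == FILE_ANY_ACCESS)
            hits++;
    return hits;
}

/* Constructed sample: three codes for a hypothetical driver
   (device type 0x22 = FILE_DEVICE_UNKNOWN, METHOD_BUFFERED = 0). */
static const uint32_t SAMPLE_CODES[] = {
    MAKE_CTL_CODE(0x22, 0x800, 0, FILE_ANY_ACCESS),   /* 0x222000 */
    MAKE_CTL_CODE(0x22, 0x801, 0, FILE_READ_ACCESS),  /* 0x226004 */
    MAKE_CTL_CODE(0x22, 0x802, 0, FILE_WRITE_ACCESS), /* 0x22A008 */
};

int main(void) {
    printf("codes needing review: %d of 3\n", count_any_access(SAMPLE_CODES, 3));
    return 0;
}
```

A flagged code is not automatically a defect; it marks an IOCTL whose handler must be safe for every caller the device ACL admits.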

No CAPEC attack patterns related to this CWE.
