CWE-286 用户管理不正确
Incorrect User Management
结构: Simple
Abstraction: Class
状态: Incomplete
被利用可能性: unkown
基本描述
The software does not properly manage a user within its environment.
扩展描述
Users can be assigned to the wrong group (class) of permissions resulting in unintended access rights to sensitive objects.
相关缺陷
-
cwe_Nature: ChildOf cwe_CWE_ID: 284 cwe_View_ID: 1000 cwe_Ordinal: Primary
-
cwe_Nature: ChildOf cwe_CWE_ID: 284 cwe_View_ID: 699 cwe_Ordinal: Primary
适用平台
Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| Other | Varies by Context |
Notes
Maintenance The relationships between privileges, permissions, and actors (e.g. users and groups) need further refinement within the Research view. One complication is that these concepts apply to two different pillars, related to control of resources (CWE-664) and protection mechanism failures (CWE-693). Maintenance This item needs more work. Possible sub-categories include: user in wrong group, and user with insecure profile or "configuration". It also might be better expressed as a category than a weakness.
分类映射
| 映射的分类名 | ImNode ID | Fit | Mapped Node Name |
|---|---|---|---|
| PLOVER | User management errors |