CWE-1280
Access Control Check Implemented After Asset is Accessed
A product's hardware-based access control check occurs after the asset has been accessed.
Status
incomplete
Abstraction
base
Affected Platforms
Not Language-Specific
Verilog
VHDL
Extended Description
The product implements a hardware-based access control check. The asset should be accessible only after the check is successful. If, however, this operation is not atomic and the asset is accessed before the check is complete, the security of the system may be compromised.
Technical Details
Common Consequences
access control
confidentiality
integrity
Impacts
modify memory
read memory
modify application data
read application data
gain privileges or assume identity
bypass protection mechanism
Potential Mitigations
Phases:
implementation
Descriptions:
• Implement the access control check first. Access should be given to the asset only if the agent is authorized.
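The weakness from the Extended Description beside the mitigation above, as an added Verilog example that is not part of the CWE entry. In the first module the check result is registered and lags the request by one cycle, so the write is gated by the previous requester's grant; in the second the check is combinational and gates the write in the same cycle. Module names, port names and the authorized ID value are assumptions.

```verilog
// Added illustration. All names and AUTH_ID are constructed for this example.

// Weak: the write to the asset is gated by a grant that was computed
// for the PREVIOUS cycle's usr_id. The check for the current requester
// completes only after the asset has already been written.
module reg_write_late_check (
    input  wire       clk,
    input  wire       rst_n,
    input  wire       wr_en,
    input  wire [2:0] usr_id,
    input  wire [7:0] data_in,
    output reg  [7:0] asset
);
    localparam [2:0] AUTH_ID = 3'h4;
    reg grant_q; // check result, available one cycle late

    always @(posedge clk or negedge rst_n) begin
        if (!rst_n) begin
            grant_q <= 1'b0;
            asset   <= 8'h00;
        end else begin
            grant_q <= (usr_id == AUTH_ID);
            if (wr_en && grant_q)      // stale grant, not this requester's
                asset <= data_in;
        end
    end
endmodule

// Corrected: the check is evaluated on the current usr_id and gates the
// write in the same cycle, so check and access form one atomic step.
module reg_write_check_first (
    input  wire       clk,
    input  wire       rst_n,
    input  wire       wr_en,
    input  wire [2:0] usr_id,
    input  wire [7:0] data_in,
    output reg  [7:0] asset
);
    localparam [2:0] AUTH_ID = 3'h4;
    wire grant = (usr_id == AUTH_ID); // combinational check

    always @(posedge clk or negedge rst_n) begin
        if (!rst_n)
            asset <= 8'h00;
        else if (wr_en && grant)
            asset <= data_in;
    end
endmodule
```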