CWE-283
Unverified Ownership
The product does not properly verify that a critical resource is owned by the proper entity.
Status: draft
Abstraction: base
Common Consequences
Scope: access control
Impacts: gain privileges or assume identity
Potential Mitigations
Phases:
architecture and design
operation
Descriptions:
• Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
• Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
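An added example (not part of the CWE entry) of requiring multiple conditions before trusting a resource: a file is accepted only if it is a regular file, is owned by the expected UID, and is not writable by group or others, with every check made on the opened descriptor. The names `open_owned_file`, `OwnershipError` and `demo`, and the sample files, are assumptions constructed for illustration; POSIX only.

```python
import os
import stat
import tempfile

class OwnershipError(PermissionError):
    """A resource failed an ownership or permission check (hypothetical name)."""

def open_owned_file(path, expected_uid):
    """Open path read-only only if all ownership conditions hold."""
    # O_NOFOLLOW makes open() fail if the final path component is a symlink.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        # fstat() inspects the object we actually opened, so the file cannot
        # be swapped between the check and the use.
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise OwnershipError(f"{path}: not a regular file")
        if st.st_uid != expected_uid:
            raise OwnershipError(f"{path}: owner uid {st.st_uid}, expected {expected_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise OwnershipError(f"{path}: writable by group or others")
    except BaseException:
        os.close(fd)
        raise
    return os.fdopen(fd, "rb")

def demo():
    """Run the checks over constructed temp files; returns {case: accepted}."""
    def accepted(path, uid):
        try:
            open_owned_file(path, uid).close()
            return True
        except OSError:  # OwnershipError and the symlink refusal are both OSErrors
            return False
    me = os.getuid()
    with tempfile.TemporaryDirectory() as d:
        conf = os.path.join(d, "app.conf")  # constructed sample file
        with open(conf, "w") as f:
            f.write("constructed sample\n")
        os.chmod(conf, 0o600)
        link = os.path.join(d, "link.conf")
        os.symlink(conf, link)
        results = {"owned": accepted(conf, me),
                   "wrong_owner": accepted(conf, me + 1),
                   "symlink": accepted(link, me)}
        os.chmod(conf, 0o666)  # same owner, but now anyone can modify it
        results["world_writable"] = accepted(conf, me)
    return results

if __name__ == "__main__":
    print(demo())
```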