CWE-419
Unprotected Primary Channel
The product uses a primary channel for administration or restricted functionality, but it does not properly protect the channel.
Status
draft
Abstraction
base
Affected Platforms
Technical Details
Common Consequences
access control
Impacts
gain privileges or assume identity
bypass protection mechanism
Potential Mitigations
Phases:
architecture and design
Descriptions:
• Protect the administrative/restricted functionality with a strong authentication mechanism.
• Do not expose administrative functionality on the user UI.