CWE-653
Improper Isolation or Compartmentalization
The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.
Status
draft
Abstraction
class
Affected Platforms
Extended Description
When a weakness occurs in functionality that is accessible to lower-privileged users, then without strong boundaries an attack might extend the scope of the damage to higher-privileged users.
Common Consequences
access control
Impacts
gain privileges or assume identity
bypass protection mechanism
Detection Methods
automated static analysis - binary or bytecode
manual static analysis - source code
architecture or design review
Potential Mitigations
Phases:
architecture and design
Descriptions:
• Break up privileges between different modules, objects, or entities. Minimize the interfaces between modules and require strong access control between them.
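The mitigation above, shown as an added example that is not part of the CWE entry: a monolithic service where every request handler shares one all-powerful store handle, beside a compartmentalized version in which the low-privilege module only receives a read-only capability and the privileged operation sits behind a single access-controlled interface. All class names, the `Store` object and the user data are constructed for this illustration.

```python
"""Illustration of CWE-653 mitigation: a monolithic design that shares one
all-powerful handle across functions with different privilege needs, beside
a compartmentalized design. Everything here is constructed for the example."""

from dataclasses import dataclass, field


class AccessDenied(Exception):
    pass


@dataclass
class Store:
    """Constructed backing store holding both user-readable and admin-only state."""
    users: dict = field(default_factory=lambda: {"alice": "user", "root": "admin"})
    audit_log: list = field(default_factory=list)


# --- Weak design: every handler reaches the same full-rights store handle ---
class MonolithicService:
    def __init__(self, store):
        self.store = store  # one handle, full rights, visible to every method

    def handle(self, caller, action, target=None):
        # Low- and high-privilege actions share one dispatcher with no boundary
        # between them, so a forgotten check exposes the admin path to any caller.
        if action == "list_users":
            return sorted(self.store.users)
        if action == "delete_user":
            # Role check missing: nothing isolates this from "list_users".
            del self.store.users[target]
            self.store.audit_log.append((caller, action, target))
            return True
        raise ValueError(action)


# --- Compartmentalized design: separate modules, minimal capabilities ---
class ReadOnlyDirectory:
    """Capability exposing only what the low-privilege module needs."""

    def __init__(self, store):
        self._users = store.users

    def names(self):
        return sorted(self._users)


class UserModule:
    def __init__(self, directory):
        self._directory = directory  # no reference to the store, no path to deletion

    def list_users(self):
        return self._directory.names()


class AdminModule:
    def __init__(self, store):
        self._store = store

    def delete_user(self, caller, target):
        # Access control enforced at the module boundary, the only interface
        # between callers and privileged state; denials are logged for detection.
        if self._store.users.get(caller) != "admin":
            self._store.audit_log.append((caller, "delete_user", target, "denied"))
            raise AccessDenied(caller)
        del self._store.users[target]
        self._store.audit_log.append((caller, "delete_user", target, "ok"))
        return True


class CompartmentalizedService:
    def __init__(self, store):
        self.users = UserModule(ReadOnlyDirectory(store))
        self.admin = AdminModule(store)


def demo_monolithic():
    """Low-privilege caller deletes the admin account; returns remaining users."""
    store = Store()
    MonolithicService(store).handle("alice", "delete_user", "root")
    return sorted(store.users)


def demo_compartmentalized():
    """Same attempt is refused; a genuine admin still succeeds."""
    store = Store()
    svc = CompartmentalizedService(store)
    try:
        svc.admin.delete_user("alice", "root")
        denied = False
    except AccessDenied:
        denied = True
    svc.admin.delete_user("root", "alice")
    return {
        "denied": denied,
        "users": sorted(store.users),
        "listing": svc.users.list_users(),
        "denied_events": [e for e in store.audit_log if e[-1] == "denied"],
    }


if __name__ == "__main__":
    print("monolithic users after low-priv delete:", demo_monolithic())
    print("compartmentalized:", demo_compartmentalized())
```

The point of the second design is not the role check alone but the shape of the object graph: `UserModule` never holds a reference that could reach `delete_user`, so a bug confined to the low-privilege module cannot widen into a privilege gain, and the one privileged interface is small enough to review and to log.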