CWE-274

BaseDraft

View on MITRE

Improper Handling of Insufficient Privileges

The product does not handle or incorrectly handles when it has insufficient privileges to perform an operation, leading to resultant weaknesses.

37 linked vulnerabilities

4 related weaknesses

Other

Alter Execution Logic

Automated Static Analysis

Effectiveness: High

Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)

Modes of Introduction

Implementation

Operation

Related Weaknesses

CWE-755ChildOf CWE-269ChildOf CWE-271PeerOf CWE-280CanAlsoBe

Example CVEs (3)

CVE-2001-1564

System limits are not properly enforced after privileges are dropped.

CVE-2005-3286

Firewall crashes when it can't read a critical memory block that was protected by a malicious process.

CVE-2005-1641

Does not give admin sufficient privileges to overcome otherwise legitimate user actions.

External Links

MITRE CWE Database

CWE-274: Improper Handling of Insufficient Privileges | Mondoo Vulnerability Intelligence