CWE-271 - Privilege Dropping / Lowering Errors
CWE-271 High
- Abstraction: Class
- Structure: Simple
- Status: Incomplete
- Weakness Name
Privilege Dropping / Lowering Errors
- Description
The product does not drop privileges before passing control of a resource to an actor that does not have those privileges.
In some contexts, a system executing with elevated permissions will hand off a process/file/etc. to another process or user. If the privileges of an entity are not reduced, then elevated privileges are spread throughout a system and possibly to an attacker.
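The weakness is easiest to see in the hand-off itself: a process running as root that will pass a resource (a socket, a file, a child process) to an unprivileged actor must first lower its own identity, in the right order and with the result verified. The following is an added example for Linux/glibc, not code from the CWE entry or MITRE; the `nobody` account looked up in `main` is an assumed target identity, and `drop_privileges`/`privileges_dropped` are names chosen here.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Lower the process identity to target_uid/target_gid before handing
 * off a resource. Order matters: supplementary groups first, then the
 * gid, then the uid. Once setuid() has taken effect, setgroups() and
 * setgid() are no longer permitted, so calling them afterwards would
 * silently leave root's group memberships in place (CWE-271).
 * Returns 0 on success, -1 with errno set on failure. */
int drop_privileges(uid_t target_uid, gid_t target_gid) {
    if (geteuid() == 0) {
        /* Only root may replace the supplementary group list. */
        if (setgroups(0, NULL) != 0) return -1;
    }
    /* Use setgid()/setuid() rather than setegid()/seteuid(): the real,
     * effective and saved ids all change, so the old identity cannot be
     * restored later with another setuid() call. */
    if (setgid(target_gid) != 0) return -1;
    if (setuid(target_uid) != 0) return -1;
    return 0;
}

/* Verify that the drop actually took effect: every id must match the
 * target and, when the target is not root, an attempt to regain uid 0
 * must be refused with EPERM. Returns 1 if fully dropped, 0 otherwise. */
int privileges_dropped(uid_t target_uid, gid_t target_gid) {
    if (getuid() != target_uid || geteuid() != target_uid) return 0;
    if (getgid() != target_gid || getegid() != target_gid) return 0;
    if (target_uid != 0) {
        if (setuid(0) == 0) return 0;   /* regained root: drop was incomplete */
        if (errno != EPERM) return 0;
    }
    return 1;
}

/* Demonstration: drop to the assumed 'nobody' account, then hand off.
 * Run as root to see the full effect; as a normal user the drop to the
 * caller's own ids still succeeds and verifies. */
int main(void) {
    uid_t uid = getuid();
    gid_t gid = getgid();
    struct passwd *pw = getpwnam("nobody");   /* assumed target account */
    if (geteuid() == 0 && pw != NULL) {
        uid = pw->pw_uid;
        gid = pw->pw_gid;
    }
    if (drop_privileges(uid, gid) != 0) {
        fprintf(stderr, "drop failed: %s\n", strerror(errno));
        return 1;   /* refuse the hand-off rather than continue elevated */
    }
    if (!privileges_dropped(uid, gid)) {
        fprintf(stderr, "drop incomplete, refusing to continue\n");
        return 1;
    }
    printf("now uid=%u gid=%u; safe to hand off the resource\n",
           (unsigned)getuid(), (unsigned)getgid());
    return 0;
}
```

The two checks in `privileges_dropped` are what distinguish a real drop from a cosmetic one: matching effective ids alone are not enough if the saved set-user-id still holds 0, which is why the function also confirms that `setuid(0)` now fails. Treat any failure of either function as a reason to abort the hand-off, not as something to log and continue past.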
- Common Consequences
Scope: Access Control
Impact: Gain Privileges or Assume Identity
Notes: If privileges are not dropped, neither are access rights of the user. Often these rights can be prevented from being dropped.
Scope: Access Control, Non-Repudiation
Impact: Gain Privileges or Assume Identity, Hide Activities
Notes: If privileges are not dropped, in some cases the system may record actions as the user who is being impersonated rather than the impersonator.
- Related Weaknesses
- Release Date: 2006-07-19
- Latest Modification Date: 2023-06-29