logo

CWE-273 - Improper Check for Dropped Privileges

CWE-273 Medium

  • Abstraction:
  • Base
  • Structure:
  • Simple
  • Status:
  • Incomplete
Weakness Name

Improper Check for Dropped Privileges

Description

The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.

If the drop fails, the product will continue to run with the raised privileges, which might provide additional access to unprivileged users.

Common Consequences

Scope: Access Control

Impact: Gain Privileges or Assume Identity

Notes: If privileges are not dropped, neither are access rights of the user. Often these rights can be prevented from being dropped.

Scope: Access Control, Non-Repudiation

Impact: Gain Privileges or Assume Identity, Hide Activities

Notes: If privileges are not dropped, in some cases the system may record actions as the user which is being impersonated rather than the impersonator.

Related Weaknesses

CWE-754Improper Check for Unusual or Exceptional ConditionsMedium

CWE-252Unchecked Return ValueLow

CWE-271Privilege Dropping / Lowering ErrorsHigh

  • Release Date:
  • 2006-07-19
  • Latest Modification Date:
  • 2023-06-29

Free security scan for your website