
CWE-638 - Not Using Complete Mediation

CWE-638

  • Abstraction: Class
  • Structure: Simple
  • Status: Draft
Weakness Name

Not Using Complete Mediation

Description

The product does not perform access checks on a resource every time the resource is accessed by an entity, which can create resultant weaknesses if that entity's rights or privileges change over time.

Common Consequences

Scope: Integrity, Confidentiality, Availability, Access Control, Other

Impact: Gain Privileges or Assume Identity, Execute Unauthorized Code or Commands, Bypass Protection Mechanism, Read Application Data, Other

Notes: A user might retain access to a critical resource even after privileges have been revoked, possibly allowing access to privileged functionality or sensitive information, depending on the role of the resource.
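The revocation scenario in the note above, as an added example that is not part of the CWE entry: a handle that checks access only when it is opened keeps working after the right is revoked, while a handle that re-checks on every read does not. The names `ACL`, `CachedHandle`, `MediatedHandle`, the user `alice`, and the resource `payroll.db` are hypothetical, and the record content is constructed.

```python
# Added illustration; all class names, users, resources and data are hypothetical.
class ACL:
    """Mutable permission store; revoke() models rights changing over time."""
    def __init__(self):
        self._grants = set()

    def grant(self, user, resource):
        self._grants.add((user, resource))

    def revoke(self, user, resource):
        self._grants.discard((user, resource))

    def allowed(self, user, resource):
        return (user, resource) in self._grants

class CachedHandle:
    """Weak pattern: the access check runs once, when the handle is opened."""
    def __init__(self, acl, user, resource, data):
        if not acl.allowed(user, resource):
            raise PermissionError(f"{user} may not open {resource}")
        self._data = data

    def read(self):
        return self._data  # no check here, so a later revocation is never noticed

class MediatedHandle(CachedHandle):
    """Complete mediation: every read re-checks the current ACL state."""
    def __init__(self, acl, user, resource, data):
        super().__init__(acl, user, resource, data)
        self._acl, self._user, self._resource = acl, user, resource

    def read(self):
        if not self._acl.allowed(self._user, self._resource):
            raise PermissionError(f"{self._user} may not read {self._resource}")
        return self._data

def demo():
    acl = ACL()
    acl.grant("alice", "payroll.db")
    cached = CachedHandle(acl, "alice", "payroll.db", "constructed-record")
    mediated = MediatedHandle(acl, "alice", "payroll.db", "constructed-record")
    before = (cached.read(), mediated.read())
    acl.revoke("alice", "payroll.db")  # privileges change after both handles are open
    try:
        after_mediated = mediated.read()
    except PermissionError:
        after_mediated = "denied"
    return {"before": before, "cached_after": cached.read(), "mediated_after": after_mediated}
```
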

Related Weaknesses
  • Release Date: 2008-01-30
  • Latest Modification Date: 2023-10-26
