logo

CWE-842 - Placement of User into Incorrect Group

CWE-842

  • Abstraction:
  • Base
  • Structure:
  • Simple
  • Status:
  • Incomplete
Weakness Name

Placement of User into Incorrect Group

Description

The product or the administrator places a user into an incorrect group.

If the incorrect group has more access or privileges than the intended group, the user might be able to bypass intended security policy to access unexpected resources or perform unexpected actions. The access-control system might not be able to detect malicious usage of this group membership.

Common Consequences

Scope: Access Control

Impact: Gain Privileges or Assume Identity

Related Weaknesses
  • Release Date:
  • 2011-03-30
  • Latest Modification Date:
  • 2023-06-29

Free security scan for your website