CWE-842 - Placement of User into Incorrect Group

CWE-842

Abstraction:
Base

Structure:
Simple

Status:
Incomplete

Weakness Name: Placement of User into Incorrect Group

Description: The product or the administrator places a user into an incorrect group.
If the incorrect group has more access or privileges than the intended group, the user might be able to bypass intended security policy to access unexpected resources or perform unexpected actions. The access-control system might not be able to detect malicious usage of this group membership.

Common Consequences: Scope: Access Control
Impact: Gain Privileges or Assume Identity

Related Weaknesses: CWE-286Incorrect User Management

Release Date:
2011-03-30

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard