logo

CWE-286 - Incorrect User Management

CWE-286

  • Abstraction:
  • Class
  • Structure:
  • Simple
  • Status:
  • Incomplete
Weakness Name

Incorrect User Management

Description

The product does not properly manage a user within its environment.

Users can be assigned to the wrong group (class) of permissions resulting in unintended access rights to sensitive objects.

Common Consequences

Scope: Other

Impact: Varies by Context

Related Weaknesses
  • Release Date:
  • 2006-07-19
  • Latest Modification Date:
  • 2023-10-26

Free security scan for your website