CWE-638 - Not Using Complete Mediation
- Abstraction: Class
- Structure: Simple
- Status: Draft
- Weakness Name
Not Using Complete Mediation
- Description
The product does not perform access checks on a resource every time the resource is accessed by an entity, which can create resultant weaknesses if that entity's rights or privileges change over time.
- Common Consequences
Scope: Integrity, Confidentiality, Availability, Access Control, Other
Impact: Gain Privileges or Assume Identity, Execute Unauthorized Code or Commands, Bypass Protection Mechanism, Read Application Data, Other
Notes: A user might retain access to a critical resource even after privileges have been revoked, possibly allowing access to privileged functionality or sensitive information, depending on the role of the resource.
- Related Weaknesses
- Release Date: 2008-01-30
- Latest Modification Date: 2023-10-26
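
The revocation case described in the Notes above, as an added example that is not part of the CWE entry: one handle checks access only when it is opened, the other checks on every read. The class names, the user `alice` and the resource `payroll.csv` are hypothetical, and the data is constructed.

```python
class AccessDenied(Exception):
    pass

class Acl:
    """Constructed in-memory permission store: resource -> set of users."""
    def __init__(self):
        self._grants = {}
    def grant(self, user, resource):
        self._grants.setdefault(resource, set()).add(user)
    def revoke(self, user, resource):
        self._grants.get(resource, set()).discard(user)
    def allows(self, user, resource):
        return user in self._grants.get(resource, set())

class CachedHandle:
    """Weak pattern: the access check runs once, when the handle is opened."""
    def __init__(self, acl, user, resource, store):
        if not acl.allows(user, resource):
            raise AccessDenied(resource)
        self._resource, self._store = resource, store
    def read(self):
        return self._store[self._resource]  # no check: stale decision reused

class MediatedHandle:
    """Complete mediation: the access check runs on every read."""
    def __init__(self, acl, user, resource, store):
        self._acl, self._user = acl, user
        self._resource, self._store = resource, store
    def read(self):
        if not self._acl.allows(self._user, self._resource):
            raise AccessDenied(self._resource)
        return self._store[self._resource]

def demo():
    """Return (cached_result, mediated_result) for reads made after revocation."""
    store = {"payroll.csv": "constructed sample data"}
    acl = Acl()
    acl.grant("alice", "payroll.csv")
    cached = CachedHandle(acl, "alice", "payroll.csv", store)
    mediated = MediatedHandle(acl, "alice", "payroll.csv", store)
    acl.revoke("alice", "payroll.csv")  # the entity's privileges change over time
    try:
        mediated_result = mediated.read()
    except AccessDenied:
        mediated_result = "denied"
    return cached.read(), mediated_result

if __name__ == "__main__":
    print(demo())
```

The cached handle still returns the data after revocation, while the mediated handle refuses the same read.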