CWE-638 - Not Using Complete Mediation
- Abstraction: Class
- Structure: Simple
- Status: Draft
- Release Date: 2008-01-30
- Latest Modification Date: 2023-10-26
Weakness Name
Not Using Complete Mediation
Description
The product does not perform access checks on a resource every time the resource is accessed by an entity, which can create resultant weaknesses if that entity's rights or privileges change over time.
Common Consequences
Scope: Integrity, Confidentiality, Availability, Access Control, Other
Impact: Gain Privileges or Assume Identity, Execute Unauthorized Code or Commands, Bypass Protection Mechanism, Read Application Data, Other
Notes: A user might retain access to a critical resource even after privileges have been revoked, possibly allowing access to privileged functionality or sensitive information, depending on the role of the resource.
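The following is an added illustration, not part of the CWE entry: a handle that authorizes only when it is opened, beside one that checks the current permissions on every access. The `Acl`, `CheckOnceHandle` and `MediatedHandle` names, the user, and the resource are all hypothetical and constructed for the example.

```python
class AccessDenied(Exception):
    """Raised when the current ACL does not allow the access."""

class Acl:
    """Constructed in-memory permission store: resource -> users allowed to read."""
    def __init__(self):
        self._readers = {}
    def grant(self, user, resource):
        self._readers.setdefault(resource, set()).add(user)
    def revoke(self, user, resource):
        self._readers.get(resource, set()).discard(user)
    def can_read(self, user, resource):
        return user in self._readers.get(resource, set())

class CheckOnceHandle:
    """Weak pattern: authorization is decided at open time and never revisited."""
    def __init__(self, acl, store, user, resource):
        if not acl.can_read(user, resource):
            raise AccessDenied(resource)
        self._store, self._resource = store, resource
    def read(self):
        return self._store[self._resource]  # no check: a revoked user still reads

class MediatedHandle:
    """Complete mediation: the current ACL is consulted on every access."""
    def __init__(self, acl, store, user, resource):
        self._acl, self._store, self._user, self._resource = acl, store, user, resource
        self._authorize()
    def _authorize(self):
        if not self._acl.can_read(self._user, self._resource):
            raise AccessDenied(self._resource)
    def read(self):
        self._authorize()  # re-evaluated against current rights on each call
        return self._store[self._resource]

def demo():
    """Open both handles, revoke the user's rights, then read through each."""
    store = {"payroll.csv": "constructed sample data"}
    acl = Acl()
    acl.grant("alice", "payroll.csv")
    weak = CheckOnceHandle(acl, store, "alice", "payroll.csv")
    strong = MediatedHandle(acl, store, "alice", "payroll.csv")
    acl.revoke("alice", "payroll.csv")  # privileges change while handles are live
    outcome = {"check_once": weak.read()}
    try:
        outcome["mediated"] = strong.read()
    except AccessDenied:
        outcome["mediated"] = "denied"
    return outcome
```

Calling `demo()` shows the check-once handle still returning data after revocation, while the mediated handle refuses the read.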