CWE-862 - Missing Authorization

  • Abstraction: Class
  • Structure: Simple
  • Status: Incomplete
  • Release Date: 2011-06-01
  • Latest Modification Date: 2024-11-19

Weakness Name

Missing Authorization

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Common Consequences

Scope: Confidentiality

Impact: Read Application Data, Read Files or Directories

Notes: An attacker could read sensitive data, either by reading the data directly from a data store that is not restricted, or by accessing insufficiently-protected, privileged functionality to read the data.

Scope: Integrity

Impact: Modify Application Data, Modify Files or Directories

Notes: An attacker could modify sensitive data, either by writing the data directly to a data store that is not restricted, or by accessing insufficiently-protected, privileged functionality to write the data.

Scope: Access Control

Impact: Gain Privileges or Assume Identity, Bypass Protection Mechanism

Notes: An attacker could gain privileges by modifying or reading critical data directly, or by accessing privileged functionality.

Scope: Availability

Impact: DoS: Crash, Exit, or Restart; DoS: Resource Consumption (CPU); DoS: Resource Consumption (Memory); DoS: Resource Consumption (Other)

Notes: An attacker could gain unauthorized access to resources on the system and excessively consume those resources, leading to a denial of service.

Related Weaknesses

CWE-284: Improper Access Control

CWE-285: Improper Authorization (High)