Read Time:30 Second

Description

A product defines a set of insecure permissions that are inherited by objects that are created by the program.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-732

 

Consequences

Confidentiality, Integrity: Read Application Data, Modify Application Data

 

Potential Mitigations

Phase: Architecture and Design, Operation

Description: 

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Phase: Architecture and Design

Description: 

CVE References

  • CVE-2002-1786
    • Insecure umask for core dumps [is the umask preserved or assigned?].