
Description

The software uses a primary channel for administration or restricted functionality, but it does not properly protect the channel.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-923

 

Consequences

Access Control: Gain Privileges or Assume Identity, Bypass Protection Mechanism

 

Potential Mitigations

Phase: Architecture and Design

Description: Do not expose administrative functionality on the user UI.

Phase: Architecture and Design

Description: Protect the administrative/restricted functionality with a strong authentication mechanism.

CVE References