Description

The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

Consequences

Other: Varies by Context

Potential Mitigations

Phase: Architecture and Design, Operation

Description: 

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Phase: Architecture and Design

Description: 

CVE References

  • CVE-2010-4624
    • Bulletin board applies restrictions on number of images during post creation, but does not enforce this on editing.
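The pattern in the CVE entry above, shown as an added example that is not code from the affected product: a restriction checked when a post is created but skipped when it is edited, next to a version that routes both write paths through one check. The `[img]` markup, the limit of 3, and all class and function names are assumptions made for illustration.

```python
import re

MAX_IMAGES = 3  # constructed limit; the page does not state the real value
IMG_TAG = re.compile(r"\[img\]", re.IGNORECASE)  # assumed BBCode-style image markup


class PolicyError(Exception):
    """Raised when a post body violates the board's content restrictions."""


def count_images(body: str) -> int:
    return len(IMG_TAG.findall(body))


def check_policy(body: str) -> None:
    # Single enforcement point, so every write path applies the same rule.
    if count_images(body) > MAX_IMAGES:
        raise PolicyError(f"post contains more than {MAX_IMAGES} images")


class Board:
    def __init__(self):
        self.posts = {}
        self._next_id = 1

    def create(self, author: str, body: str) -> int:
        check_policy(body)
        post_id = self._next_id
        self._next_id += 1
        self.posts[post_id] = {"author": author, "body": body}
        return post_id

    def edit_unchecked(self, post_id: int, author: str, body: str) -> None:
        # Weak form: the restriction applied in create() is not repeated here,
        # so the stored post can end up violating it.
        self.posts[post_id]["body"] = body

    def edit(self, post_id: int, author: str, body: str) -> None:
        # Corrected form: validate before mutating stored state.
        post = self.posts[post_id]
        if post["author"] != author:
            raise PermissionError("only the author may edit this post")
        check_policy(body)
        post["body"] = body
```

A regression test that exercises every state-changing operation with the same over-limit input catches this class of gap before release.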