CWE-274 – Improper Handling of Insufficient Privileges

Description

The software does not handle, or incorrectly handles, the case where it has insufficient privileges to perform an operation, leading to resultant weaknesses.
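As an added illustration (not part of the CWE entry), the sketch below contrasts a loader that swallows a privilege failure with one that reports it so the caller can fail closed. The policy format, the function names and the `readable`/`unreadable` stand-ins are all hypothetical and constructed for this example.

```python
import errno


class PolicyUnavailable(Exception):
    """The deny list could not be read, so no decision may be based on it."""


def parse_rules(text):
    # Constructed format: one "deny <service>" entry per line.
    rules = set()
    for ln in text.splitlines():
        parts = ln.split()
        if len(parts) == 2 and parts[0] == "deny":
            rules.add(parts[1])
    return rules


def load_rules_weak(read_policy):
    # Weakness: the privilege failure is swallowed and replaced by an empty
    # deny list, so every later check silently allows everything.
    try:
        return parse_rules(read_policy())
    except OSError:
        return set()


def load_rules_hardened(read_policy):
    # The privilege failure is surfaced as its own condition instead of
    # being turned into "no rules".
    try:
        return parse_rules(read_policy())
    except PermissionError as exc:
        raise PolicyUnavailable("cannot read policy: %s" % exc.strerror) from exc


def is_allowed(service, loader, read_policy):
    try:
        return service not in loader(read_policy)
    except PolicyUnavailable:
        return False  # fail closed: no policy, no access


# Constructed stand-ins for reading a policy file with and without privilege.
def readable():
    return "deny telnet\ndeny ftp\n"


def unreadable():
    raise PermissionError(errno.EACCES, "Permission denied")
```

With `unreadable`, the weak loader allows a service the policy denies, while the hardened path refuses it.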

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-703
CWE-269
CWE-271
CWE-280

Consequences

Other: Other, Alter Execution Logic

Potential Mitigations

CVE References

  • CVE-2001-1564
    • System limits are not properly enforced after privileges are dropped.
  • CVE-2005-3286
    • Firewall crashes when it can’t read a critical memory block that was protected by a malicious process.
  • CVE-2005-1641
    • Does not give admin sufficient privileges to overcome otherwise legitimate user actions.