Description
The software uses a primary channel for administration or restricted functionality, but it does not properly protect the channel.
Modes of Introduction:
– Architecture and Design
Related Weaknesses
Consequences
Access Control: Gain Privileges or Assume Identity, Bypass Protection Mechanism
Potential Mitigations
Phase: Architecture and Design
Description:
Do not expose administrative functionality on the user UI.
Phase: Architecture and Design
Description:
Protect the administrative/restricted functionality with a strong authentication mechanism.
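The two mitigations above, combined in one sketch. This is an added example, not code from the original entry. The `/admin` prefix, the function names and the bearer token are assumptions, and the token is only a stand-in for whatever strong authentication mechanism the deployment uses.

```python
import hmac
from wsgiref.util import setup_testing_defaults

ADMIN_PREFIX = "/admin"  # assumed path prefix for the restricted functionality


def _authenticated(environ, expected):
    """Constant-time check of a bearer credential; fails closed if none is configured."""
    if not expected:
        return False
    scheme, _, presented = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
    return scheme == "Bearer" and hmac.compare_digest(
        presented.encode(), expected.encode())


def make_app(serves_admin, admin_token=None):
    """Build the WSGI app for one listener.

    serves_admin=False: user-facing listener, admin paths do not exist on it.
    serves_admin=True:  management listener, admin paths require the credential.
    """
    def app(environ, start_response):
        path = environ.get("PATH_INFO", "/")
        is_admin = path == ADMIN_PREFIX or path.startswith(ADMIN_PREFIX + "/")
        if not is_admin:
            status, body = "200 OK", b"user page"
        elif not serves_admin:
            # Mitigation 1: the user channel never routes to admin handlers.
            status, body = "404 Not Found", b"not found"
        elif not _authenticated(environ, admin_token):
            # Mitigation 2: the admin channel rejects unauthenticated requests.
            status, body = "401 Unauthorized", b"authentication required"
        else:
            status, body = "200 OK", b"admin action accepted"
        start_response(status, [("Content-Type", "text/plain")])
        return [body]
    return app


def request(app, path, token=None):
    """Send one constructed request to the app and return the numeric status."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    if token:
        environ["HTTP_AUTHORIZATION"] = "Bearer " + token
    seen = []
    app(environ, lambda status, headers: seen.append(status))
    return int(seen[0].split()[0])
```

In a deployment, the app built with `serves_admin=True` would be bound to a separate management interface, while the user-facing listener gets the app built with `serves_admin=False`.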