Read Time:27 Second
Description
A product inherits a set of insecure permissions for an object, e.g. when copying from an archive file, without user awareness or involvement.
Modes of Introduction:
– Architecture and Design
Related Weaknesses
Consequences
Confidentiality, Integrity: Read Application Data, Modify Application Data
Potential Mitigations
Phase: Architecture and Design, Operation
Description:
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Phase: Architecture and Design
Description:
CVE References
- CVE-2005-1724
- Does not obey specified permissions when exporting.