CWE-273 - Improper Check for Dropped Privileges
- 摘要:Base
- 结构:Simple
- 状态:Incomplete
- 发布日期:2006-07-19
- 更新日期:2023-06-29
名称
Improper Check for Dropped Privileges
描述
The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.
If the drop fails, the product will continue to run with the raised privileges, which might provide additional access to unprivileged users.
常见后果
范围:Access Control
影响:Gain Privileges or Assume Identity
注释:If privileges are not dropped, neither are access rights of the user. Often these rights can be prevented from being dropped.
范围:Access Control, Non-Repudiation
影响:Gain Privileges or Assume Identity, Hide Activities
注释:If privileges are not dropped, in some cases the system may record actions as the user which is being impersonated rather than the impersonator.