CWE-286 - Incorrect User Management
- Abstraction:Class
- Structure:Simple
- Status:Incomplete
- Release Date:2006-07-19
- Latest Modification Date:2023-10-26
Weakness Name
Incorrect User Management
Description
The product does not properly manage a user within its environment.
Users can be assigned to the wrong group (class) of permissions resulting in unintended access rights to sensitive objects.
Common Consequences
Scope: Other
Impact: Varies by Context
