CWE-286β€”Incorrect User Management

PUBLISHEDweakness record
released 2006-07-19 Β· last modified 2025-12-11

Metadata

CWE ID:
CWE-286
Abstraction:
Class
Structure:
Simple
Status:
Incomplete
Release Date:
2006-07-19
Latest Modification Date:
2025-12-11

Weakness Name

Incorrect User Management

Description

The product does not properly manage a user within its environment.

Users can be assigned to the wrong group (class) of permissions resulting in unintended access rights to sensitive objects.

Common Consequences

Scope:
Other
Impact:
Varies by Context

Related Weaknesses