CWE-424 - Improper Protection of Alternate Path
- Abstraction:Class
- Structure:Simple
- Status:Draft
- Release Date:2006-07-19
- Latest Modification Date:2024-02-29
Weakness Name
Improper Protection of Alternate Path
Description
The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources.
Common Consequences
Scope: Access Control
Impact: Bypass Protection Mechanism, Gain Privileges or Assume Identity