Statements (41)
| Predicate | Object |
|---|---|
| gptkbp:instance_of |
gptkb:Common_Weakness_Enumeration
|
| gptkbp:bfsLayer |
6
|
| gptkbp:bfsParent |
gptkb:CWE-200
|
| gptkbp:category |
Access Control Issues
|
| gptkbp:consequences |
Data leakage, data loss, or unauthorized actions.
|
| gptkbp:difficulty |
gptkb:High
|
| gptkbp:example |
An admin user can access user data without restrictions.
A guest user can view admin-only pages. A user can modify another user's profile. An API endpoint exposes sensitive data without authentication. A user can access another user's account without proper authentication. An application allows users to change their roles without authorization. |
| gptkbp:has_weakness |
gptkb:CWE-863
CWE-732 CWE-269 CWE-275 |
| https://www.w3.org/2000/01/rdf-schema#label |
CWE-284
|
| gptkbp:impact |
Unauthorized access to sensitive data or functionality.
|
| gptkbp:is_described_as |
The software does not properly restrict access to a resource or action.
|
| gptkbp:is_protected_by |
Implement logging and monitoring.
Implement proper access control mechanisms. Conduct security training for developers. Regularly review access permissions. Use role-based access control. |
| gptkbp:is_referenced_in |
https://cwe.mitre.org/data/definitions/284.html
|
| gptkbp:name |
Improper Access Control
|
| gptkbp:related_concept |
gptkb:API
gptkb:ISO/_IEC_27001 CIS Controls NISTSP 800-53 PCIDSS |
| gptkbp:related_to |
Access Control
Authorization |
| gptkbp:supports |
Web applications
Mobile applications AP Is |
| gptkbp:sustainability_initiatives |
Use secure coding practices.
Employ automated security testing tools. Implement least privilege principle. Perform regular security audits. Utilize security frameworks. |