Statements (122)
| Predicate | Object |
|---|---|
| gptkbp:instance_of | gptkb:Common_Weakness_Enumeration |
| gptkbp:bfsLayer | 6 |
| gptkbp:bfsParent | gptkb:CWE-23 |
| gptkbp:affects | Web applications; Mobile applications; API services |
| gptkbp:category | Access Control Issues |
| gptkbp:created_by | gptkb:MITRE |
| gptkbp:difficulty | gptkb:High |
| gptkbp:example | Using predictable URLs for sensitive resources. |
| gptkbp:first_published | 2021-07-01 |
| gptkbp:has_weakness | gptkb:CWE-703; CWE-732; CWE-639 |
| https://www.w3.org/2000/01/rdf-schema#label | CWE-898 |
| gptkbp:impact | Unauthorized access to resources |
| gptkbp:is_described_as | The software does not properly control the identifiers for resources, which can lead to unauthorized access or manipulation. |
| gptkbp:is_protected_by | Implementing rate limiting. Conducting risk assessments. Implement proper access controls. Implementing input sanitization. Regular security audits. Conducting code reviews. Conducting penetration testing. Conducting security assessments effectively. Conducting security assessments efficiently. Conducting security assessments regularly. Conducting security assessments. Conducting security audits effectively. Conducting security audits efficiently. Conducting security audits regularly. Conducting security audits. Conducting security awareness programs. Conducting security reviews. Conducting security testing consistently. Conducting security testing effectively. Conducting security testing efficiently. Conducting security testing regularly. Conducting security testing. Conducting security training for staff. Conducting threat modeling. Conducting vulnerability assessments. Educating users about security best practices. Encrypting sensitive resource identifiers. Establishing a security culture. Establishing a security governance framework. Establishing incident response plans. Implementing data encryption. Implementing data loss prevention measures. Implementing incident detection mechanisms. Implementing least privilege access. Implementing network segmentation. Implementing role-based access control. Implementing secure configuration management. Implementing security awareness training. Implementing security best practices. Implementing security controls consistently. Implementing security controls effectively. Implementing security controls efficiently. Implementing security controls. Implementing security headers. Implementing security incident response. Implementing security measures effectively. Implementing security measures efficiently. Implementing security measures. Implementing security monitoring. Implementing security patches promptly. Implementing security policies consistently. Implementing security policies effectively. Implementing security policies efficiently. Implementing security policies. Implementing secure software development lifecycle. Logging and monitoring access to resources. Providing user feedback on access attempts. Regularly reviewing access controls. Regularly reviewing security logs. Regularly testing security controls. Regularly training developers on security. Regularly updating security measures. Regularly updating security policies. Regularly updating software dependencies. Use of UUIDs for resource identifiers. User input validation. Using application firewalls. Using automated security tools. Using content security policies. Using multi-factor authentication. Using secure access controls. Using secure authentication methods. Using secure backup solutions. Using secure coding frameworks. Using secure coding libraries. Using secure coding practices consistently. Using secure coding practices effectively. Using secure coding practices efficiently. Using secure coding practices. Using secure coding standards consistently. Using secure coding standards effectively. Using secure coding standards efficiently. Using secure coding standards. Using secure coding techniques consistently. Using secure coding techniques effectively. Using secure coding techniques efficiently. Using secure coding techniques. Using secure communication protocols. Using secure development environments. Using secure frameworks. Using secure software development practices. Using secure tokens for resource access. Using security monitoring tools. Using threat intelligence. Using version control for sensitive files. |
| gptkbp:is_referenced_in | https://cwe.mitre.org/data/definitions/898.html |
| gptkbp:is_vulnerable_to | Exposing internal API endpoints. Failure to restrict access to sensitive data. Inadequate validation of resource identifiers. Insecure direct object reference. Using session IDs as resource identifiers. |
| gptkbp:name | Improper Control of Resource Identifiers |
| gptkbp:related_to | gptkb:CWE-284; gptkb:CWE-20 |
| gptkbp:status | Active |