CWE-1280
Access Control Check Implemented After Asset is Accessed
Description
A product's hardware-based access control check occurs after the asset has been accessed.
The product implements a hardware-based access control check. The asset should be accessible only after the check is successful. If, however, this operation is not atomic and the asset is accessed before the check is complete, the security of the system may be compromised.
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Impact
Modify Memory, Read Memory, Modify Application Data, Read Application Data, Gain Privileges or Assume Identity, Bypass Protection Mechanism
Potential Mitigations
Implement the access control check first. Access should be given to the asset only if the agent is authorized.
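
The ordering problem in the description and the check-first mitigation, shown as an added example that is not part of the CWE entry: a C software model of a protected register's write path, with the check performed after the write beside the corrected form. The names `periph_t`, `TRUSTED_AGENT_ID`, the agent IDs and the reset value are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TRUSTED_AGENT_ID 0x1u    /* hypothetical ID of the only authorized agent */
#define RESET_VALUE      0xA5A5A5A5u /* constructed initial asset contents */

typedef struct {
    uint32_t asset; /* protected register contents */
    bool     grant; /* result of the most recent access control check */
} periph_t;

static bool check_agent(uint32_t agent_id) {
    return agent_id == TRUSTED_AGENT_ID;
}

/* Weak ordering: the write reaches the asset, then the check runs.
 * A denied request has already modified the protected state. */
static bool write_check_after(periph_t *p, uint32_t agent_id, uint32_t data) {
    p->asset = data;
    p->grant = check_agent(agent_id);
    return p->grant;
}

/* Corrected ordering: the check completes first and gates the write. */
static bool write_check_first(periph_t *p, uint32_t agent_id, uint32_t data) {
    p->grant = check_agent(agent_id);
    if (p->grant)
        p->asset = data;
    return p->grant;
}

/* Issue one write to a freshly reset peripheral; return the asset afterwards. */
static uint32_t asset_after(bool (*wr)(periph_t *, uint32_t, uint32_t),
                            uint32_t agent_id, uint32_t data) {
    periph_t p = { .asset = RESET_VALUE, .grant = false };
    (void)wr(&p, agent_id, data);
    return p.asset;
}

int main(void) {
    /* Agent 0x2 is not authorized in this model. */
    printf("check after write: asset = 0x%08X\n",
           (unsigned)asset_after(write_check_after, 0x2u, 0xDEADBEEFu));
    printf("check before write: asset = 0x%08X\n",
           (unsigned)asset_after(write_check_first, 0x2u, 0xDEADBEEFu));
    return 0;
}
```

Both write paths report the request as denied for the unauthorized agent, so a review or test that looks only at the grant signal will not catch the first form; the asset contents after a denied request have to be checked as well.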
Applicable Platforms