QwikSec

Security Database

CVE

CWE

Training

CWE Database
/

CWE-283

Back to CWE list

CWE-283

Unverified Ownership

Base
Draft

Description

The product does not properly verify that a critical resource is owned by the proper entity.

Common Consequences

Scope

Access Control

Impact

Gain Privileges or Assume Identity

Potential Mitigations

Architecture and Design
Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Architecture and Design

Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.

CVE-2001-0178

Program does not verify the owner of a UNIX socket that is used for sending a password.

CVE-2004-2012

Owner of special device not checked, allowing root.

Applicable Platforms

Not Language-Specific

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now