CWE-424

Improper Protection of Alternate Path

Abstraction: Class
Status: Draft

Description

The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources.

Common Consequences

Scope: Access Control

Impact: Bypass Protection Mechanism, Gain Privileges or Assume Identity

Potential Mitigations

Phase: Architecture and Design

Deploy different layers of protection to implement security in depth.

Observed Examples

CVE-2022-29238

Access-control setting in web-based document collaboration tool is not properly implemented by the code, which prevents listing hidden directories but does not prevent direct requests to files in those directories.
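The pattern in this observed example, as an added illustration that is not code from the affected product or from the CWE entry: the listing path enforces a hidden-directory setting, a direct-fetch path never consults it, and a corrected fetch routes through the same check. Every name, path and file below is hypothetical and constructed for the example.

```python
# Added illustration; all names, paths and file contents are constructed.
import posixpath

HIDDEN_DIRS = {"/private"}                 # the access-control setting
FILES = {                                  # constructed in-memory file store
    "/public/readme.txt": "hello",
    "/private/salaries.csv": "alice,100",
}

class Denied(Exception):
    """Raised when a request touches a hidden directory without rights."""

def canon(path):
    """Collapse '..', '.', and repeated slashes so checks see the real target."""
    return posixpath.normpath("/" + path.lstrip("/"))

def is_hidden(path):
    """True if the canonical path or any ancestor directory is hidden."""
    p = canon(path)
    while p != "/":
        if p in HIDDEN_DIRS:
            return True
        p = posixpath.dirname(p)
    return False

def list_dir(directory, user_is_admin=False):
    """Primary path: the setting is enforced when listing."""
    if is_hidden(directory) and not user_is_admin:
        raise Denied(directory)
    d = canon(directory)
    return sorted(f for f in FILES if posixpath.dirname(f) == d)

def fetch_unprotected(path):
    """Alternate path (weak form): a direct request skips the setting."""
    return FILES[canon(path)]

def fetch_protected(path, user_is_admin=False):
    """Alternate path (corrected): same check as the listing path."""
    if is_hidden(path) and not user_is_admin:
        raise Denied(path)
    return FILES[canon(path)]
```

Keeping the decision in one function (`is_hidden` here) that every entry point calls is what closes the alternate path; a regression test per entry point catches a new route that forgets it.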

Applicable Platforms

Not Language-Specific
