QwikSec

Security Database

CVE

CWE

Training

CWE Database
/

CWE-529

Back to CWE list

CWE-529

Exposure of Access Control List Files to an Unauthorized Control Sphere

Variant
Incomplete

Description

The product stores access control list files in a directory or other container that is accessible to actors outside of the intended control sphere.

Exposure of these access control list files may give the attacker information about the configuration of the site or system. This information may then be used to bypass the intended security policy or identify trusted systems from which an attack can be launched.

Common Consequences

Scope

Confidentiality
Access Control

Impact

Read Application Data, Bypass Protection Mechanism

Potential Mitigations

System Configuration

Protect access control list files.

Applicable Platforms

Not Language-Specific

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now