CWE-266: Incorrect Privilege Assignment
Official CWE-266 CWE context with Glexia analysis, remediation guidance, related CVEs, and ATT&CK context.
Glexia's Take
CWE-266: Incorrect Privilege Assignment
Incorrect Privilege Assignment represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.
Executive Impact
- Access Control: Gain Privileges or Assume Identity: A user can access restricted functionality and/or sensitive information that may include administrative functionality and user accounts.
Developer Pattern
CWE-266 is the kind of defect developers can usually prevent with explicit validation, safer framework defaults, and tests that exercise hostile input or unsafe state transitions.
Confidence
high confidence from CWE-266, 4.20.
Official CWE Definition
CWE-266: Incorrect Privilege Assignment
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Developer And Remediation Guidance
How teams prevent and detect this weakness
Causes
- The following example demonstrates the weakness.
- This application sends a special intent with a flag that allows the receiving application to read a data file for backup purposes. Any malicious application can register to receive this intent. Because of the FLAG_GRANT_READ_URI_PERMISSION included with the intent, the malicious receiver code can read the user's data.
Remediation
- Architecture and Design,Operation: Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
- Architecture and Design,Operation: Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
Detection
- Code review
- SAST
- DAST
- Focused regression tests
Mappings
Related CVEs, CWEs, and ATT&CK context
Related CWEs
- CWE-1022: Use of Web Link to Untrusted Target with window.opener Access
- CWE-1268: Policy Privileges are not Assigned Consistently Between Control and Data Agents
- CWE-269: Improper Privilege Management
- CWE-286: Incorrect User Management
- CWE-520: .NET Misconfiguration: Use of Impersonation
- CWE-556: ASP.NET Misconfiguration: Use of Identity Impersonation
- CWE-9: J2EE Misconfiguration: Weak Access Permissions for EJB Methods
ATT&CK Relevance
ATT&CK relevance is shown only when reviewed or responsibly inferred.