Category: Limit Access
Draft
Summary
Weaknesses in this category are related to the design and architecture of system resources. Frequently these deal with restricting the amount of resources that are accessed by actors, such as memory, network connections, CPU or access points. The weaknesses in this category could lead to a degradation of the quality of authentication if they are not addressed when designing or implementing a secure architecture.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-201 | Insertion of Sensitive Information Into Sent Data | This vulnerability occurs when an application sends data to an external party, but accidentally includes sensitive information—like passwords, keys, or personal data—that the recipient should not be able to access. |
| CWE-209 | Generation of Error Message Containing Sensitive Information | This vulnerability occurs when an application reveals sensitive details about its internal systems, user data, or environment within error messages shown to users. |
| CWE-212 | Improper Removal of Sensitive Information Before Storage or Transfer | This vulnerability occurs when an application stores or transmits a resource containing sensitive data without properly cleaning it first, potentially exposing that information to unauthorized parties. |
| CWE-243 | Creation of chroot Jail Without Changing Working Directory | This vulnerability occurs when a program creates a chroot jail but fails to change its current working directory afterward. Because the process's working directory remains outside the jail, attackers can use relative paths to access files and directories that should be restricted. |
| CWE-250 | Execution with Unnecessary Privileges | This vulnerability occurs when software runs with higher permissions than it actually needs to perform its tasks. This excessive privilege creates security risks by opening doors to new attacks or making existing weaknesses more dangerous. |
| CWE-610 | Externally Controlled Reference to a Resource in Another Sphere | This vulnerability occurs when an application uses user-supplied input to reference a resource located outside its intended security boundary, allowing attackers to redirect operations to unintended locations. |
| CWE-611 | Improper Restriction of XML External Entity Reference | This vulnerability occurs when an application processes XML input without properly restricting external entity references. Attackers can exploit this to read local files, trigger internal network requests, or cause denial of service. |
| CWE-73 | External Control of File Name or Path | This vulnerability occurs when an application uses unvalidated user input to construct file or directory paths for filesystem operations. |
| CWE-1008 | Architectural Concepts | This view organizes weaknesses according to common architectural security tactics. It is intended to assist architects in identifying potential mistakes that can be made when designing software. |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.