CWE-708

Incorrect Ownership Assignment

The product assigns an owner to a resource, but the owner is outside of the intended control sphere.

Mitigation

Phase: Policy

Description:

  • Periodically review the privileges and their owners.
Mitigation

Phase: Testing

Description:

  • Use automated tools to check for privilege settings.

No CAPEC attack patterns related to this CWE.

Back to CWE stats page