| CWE-276 | Incorrect Default Permissions |
| CWE-285 | Improper Authorization |
| CWE-288 | Authentication Bypass Using an Alternate Path or Channel |
| CWE-424 | Improper Protection of Alternate Path |
| CWE-425 | Direct Request ('Forced Browsing') |
| CWE-693 | Protection Mechanism Failure |
| CWE-721 | OWASP Top Ten 2007 Category A10 - Failure to Restrict URL Access |
| CWE-732 | Incorrect Permission Assignment for Critical Resource |
