Description
The product uses a primary channel for administration or restricted functionality, but it does not properly protect the channel.
Extended Description
N/A
ThreatScore
Threat Mapped score: 0.0
Industry: Finiancial
Threat priority: Unclassified
Observed Examples (CVEs)
- No observed examples available.
Related Attack Patterns (CAPEC)
Attack TTPs
Malware
APTs (Intrusion Sets)
Modes of Introduction
| Phase |
Note |
| Architecture and Design |
OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase. |
| Implementation |
N/A |
Common Consequences
- Impact: Gain Privileges or Assume Identity, Bypass Protection Mechanism — Notes:
Potential Mitigations
- Architecture and Design: Do not expose administrative functionnality on the user UI. (N/A)
- Architecture and Design: Protect the administrative/restricted functionality with a strong authentication mechanism. (N/A)
Applicable Platforms
- None (Not Language-Specific, Undetermined)
Demonstrative Examples
N/A
Notes
← Back to CWE list