CWE WEAKNESSES / CWE-276
CWE-276
Incorrect Default Permissions
Base EXPLOIT LIKELIHOOD: MEDIUM
What it is
During installation, installed file permissions are set to allow anyone to modify those files.
Impact
| Confidentiality, Integrity | Read Application Data, Modify Application Data |
Mitigations
- [Architecture and Design, Operation] The architecture needs to access and modification attributes for files to only those users who actually require those actions.
- [Architecture and Design]Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separ
Real-world CVE examples
- CVE-2005-1941 — Executables installed world-writable.
- CVE-2002-1713 — Home directories installed world-readable.
- CVE-2001-1550 — World-writable log files allow information loss; world-readable file has cleartext passwords.
- CVE-2002-1711 — World-readable directory.
- CVE-2002-1844 — Windows product uses insecure permissions when installing on Solaris (genesis: port error).
- CVE-2001-0497 — Insecure permissions for a shared secret key file. Overlaps cryptographic problem.
- CVE-1999-0426 — Default permissions of a device allow IP spoofing.
Related weaknesses
Test & detect
Browse all common weaknesses, check related exploited CVEs, or map to ATT&CK techniques.
Source: MITRE CWE. View on cwe.mitre.org →