CWE-424
Improper Protection of Alternate Path
Class
What it is
The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources.
Impact
| Scope | Impact |
| --- | --- |
| Access Control | Bypass Protection Mechanism, Gain Privileges or Assume Identity |
Mitigations
- [Architecture and Design] Deploy different layers of protection to implement security in depth.
Real-world CVE examples
- CVE-2022-29238 — Access-control setting in web-based document collaboration tool is not properly implemented by the code, which prevents listing hidden directories but does not
Source: MITRE CWE.