CWE•Class•Draft•6 recent CVEs
CWE-424Improper Protection of Alternate Path
Description
The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources.
Common consequences
- Access Control→Bypass Protection Mechanism,Gain Privileges or Assume Identity
Potential mitigations
- Architecture and DesignDeploy different layers of protection to implement security in depth.