CWE-1280: Access Control Check Implemented After Asset is Accessed

Base Incomplete Simple

CWE版本: 4.18

更新日期: 2025-09-09

弱点描述

A product's hardware-based access control check occurs after the asset has been accessed.

常见后果

影响范围: Access Control Confidentiality Integrity

技术影响: Modify Memory Read Memory Modify Application Data Read Application Data Gain Privileges or Assume Identity Bypass Protection Mechanism

潜在缓解措施

阶段: Implementation

描述: Implement the access control check first. Access should only be given to asset if agent is authorized.

引入模式

阶段	说明
Implementation	-

适用平台

编程语言

Verilog (Undetermined) VHDL (Undetermined) Not Language-Specific (Undetermined)

操作系统

Not OS-Specific (Undetermined)

技术

Not Technology-Specific (Undetermined)

关键信息

CWE ID: CWE-1280

抽象级别: Base

结构: Simple

状态: Incomplete

CWE-1280: Access Control Check Implemented After Asset is Accessed

弱点描述

常见后果

潜在缓解措施

引入模式

适用平台

编程语言

操作系统

技术

关键信息

相关弱点

相关攻击模式

CWE-1280: Access Control Check Implemented After Asset is Accessed

弱点描述

常见后果

潜在缓解措施

引入模式

适用平台

编程语言

操作系统

技术

关键信息

相关弱点

ChildOf CWE-696

ChildOf CWE-284

相关攻击模式