Insecure Access Control Entry (ACE) Configuration
Description
The AddAccessAllowedAce function does not set the inheritance bits (OBJECT_INHERIT_ACE, CONTAINER_INHERIT_ACE) in the access control entry (ACE) header, so an ACE added this way applies only to the object itself and is not propagated to child objects. This may lead to unintended access control issues. Set the inheritance bits by hand if inheritance is desired.
Examples
Insecure Code

```c
/* AddAccessAllowedAce has no AceFlags parameter: the new ACE is written with
 * AceFlags == 0, i.e. no inheritance bits, whatever the caller intended. */
AddAccessAllowedAce(...);
```

Secure Code

```c
/* AddAccessAllowedAceEx takes AceFlags explicitly; pass the inheritance bits
 * that are wanted so they land in the ACE header. */
AddAccessAllowedAceEx(pAcl, ACL_REVISION, CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE, AccessMask, pSid);
```

Remediation
Set the inheritance bits in the ACE header manually or use a function that sets them by default.
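The following is an added, portable model of the ACL/ACE byte layout that Windows uses (it is not the Win32 API and not part of this rule's source). It reproduces what the two examples above produce in memory, an ACE written with AceFlags 0 versus one with inheritance bits, and includes a small audit routine that counts allow ACEs carrying no inheritance bit. The header/flag constants are the winnt.h values; the SID is a constructed one-word stand-in.

```c
/* Portable model of the Windows ACL/ACE layout (constants as in winnt.h). */
#include <stdint.h>
#include <string.h>

#define ACL_REVISION            2
#define ACCESS_ALLOWED_ACE_TYPE 0x00
#define OBJECT_INHERIT_ACE      0x01
#define CONTAINER_INHERIT_ACE   0x02
#define INHERIT_MASK (OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE)

typedef struct { uint8_t AclRevision, Sbz1; uint16_t AclSize, AceCount, Sbz2; } ACL;
typedef struct { uint8_t AceType, AceFlags; uint16_t AceSize; } ACE_HEADER;
typedef struct { ACE_HEADER Header; uint32_t Mask; uint32_t SidStart; } ACCESS_ALLOWED_ACE;

static void init_acl(ACL *acl) {
    memset(acl, 0, sizeof *acl);
    acl->AclRevision = ACL_REVISION;
    acl->AclSize = sizeof(ACL);
}

/* Mirrors AddAccessAllowedAceEx: appends an allow ACE with the given AceFlags.
 * AddAccessAllowedAce behaves like this call with ace_flags fixed to 0. */
static int add_allowed_ace(ACL *acl, size_t cap, uint8_t ace_flags, uint32_t mask, uint32_t sid) {
    size_t need = acl->AclSize + sizeof(ACCESS_ALLOWED_ACE);
    if (need > cap) return 0;
    ACCESS_ALLOWED_ACE *ace = (ACCESS_ALLOWED_ACE *)((uint8_t *)acl + acl->AclSize);
    ace->Header.AceType  = ACCESS_ALLOWED_ACE_TYPE;
    ace->Header.AceFlags = ace_flags;
    ace->Header.AceSize  = sizeof(ACCESS_ALLOWED_ACE);
    ace->Mask = mask;
    ace->SidStart = sid;        /* constructed stand-in for a variable-length SID */
    acl->AclSize = (uint16_t)need;
    acl->AceCount++;
    return 1;
}

/* Audit helper: allow ACEs with no inheritance bit apply to the object only and
 * are not propagated to children created under a container. */
static int count_non_inheriting_aces(const ACL *acl) {
    int n = 0;
    const uint8_t *p = (const uint8_t *)acl + sizeof(ACL);
    for (uint16_t i = 0; i < acl->AceCount; i++) {
        const ACE_HEADER *h = (const ACE_HEADER *)p;
        if (h->AceType == ACCESS_ALLOWED_ACE_TYPE && (h->AceFlags & INHERIT_MASK) == 0) n++;
        p += h->AceSize;
    }
    return n;
}

/* Builds the DACL from the insecure (secure == 0) or secure (secure != 0) example. */
static int demo_insecure_vs_secure(int secure) {
    uint32_t buf[16];                      /* 4-byte aligned backing store */
    ACL *acl = (ACL *)buf;
    init_acl(acl);
    uint8_t flags = secure ? (CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE) : 0;
    add_allowed_ace(acl, sizeof buf, flags, 0x80000000u /* GENERIC_READ */, 0x1234u);
    return count_non_inheriting_aces(acl);  /* 1 for insecure, 0 for secure */
}
```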
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0595 |
| Category | AccessControl |
| Severity | HIGH |
| CWE | CWE-732 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | access control, ACE, inheritance |
| OWASP | A5:2017-Broken Access Control, A01:2021-Broken Access Control |