CWE-671: Lack of Administrator Control over Security

The product uses security features in a way that prevents the product's administrator from tailoring security settings to reflect the environment in which the product is being used. This introduces resultant weaknesses or prevents it from operating at a level of security that is desired by the administrator.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Class

Abstraction

MITRE classification

Overview

If the product's administrator does not have the ability to manage security-related decisions at all times, then protecting the product from outside threats - including the product's developer - can become impossible. For example, a hard-coded account name and password cannot be changed by the administrator, thus exposing that product to attacks that the administrator can not prevent.

CWE-671: Lack of Administrator Control over Security

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Code examples

Illustrative examples

Frequently asked questions

What is CWE-671?

What CVEs are caused by CWE-671?

What are the consequences of CWE-671?

Is CWE-671 actively exploited?

References

Stay ahead of CWE-671

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Code examples

Illustrative examples

Related weaknesses

Parent

Child

Frequently asked questions

What is CWE-671?

What CVEs are caused by CWE-671?

What are the consequences of CWE-671?

Is CWE-671 actively exploited?

References

Stay ahead of CWE-671