CWE-419
Unprotected Primary Channel
Description
The product uses a primary channel for administration or restricted functionality, but it does not properly protect the channel.
Consequences
Access Control
—
Gain Privileges or Assume Identity, Bypass Protection Mechanism
Mitigations
Phase: Architecture and Design
Do not expose administrative functionnality on the user UI.
Phase: Architecture and Design
Protect the administrative/restricted functionality with a strong authentication mechanism.