The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.
View on MITREIf the drop fails, the product will continue to run with the raised privileges, which might provide additional access to unprivileged users.
If privileges are not dropped, neither are access rights of the user. Often these rights can be prevented from being dropped.
If privileges are not dropped, in some cases the system may record actions as the user which is being impersonated rather than the impersonator.
In Windows, make sure that the process token has the SeImpersonatePrivilege(Microsoft Server 2003). Code that relies on impersonation for security must ensure that the impersonation succeeded, i.e., that a proper privilege demotion happened.
No detection method information available for this CWE.
This code attempts to take on the privileges of a user before creating a file, thus avoiding performing the action with unnecessarily high privileges:
The call to ImpersonateNamedPipeClient may fail, but the return value is not checked. If the call fails, the code may execute with higher privileges than intended. In this case, an attacker could exploit this behavior to write a file to a location that the attacker does not have access to.
Program does not check return value when invoking functions to drop privileges, which could leave users with higher privileges than expected by forcing those functions to fail.
View DetailsProgram does not check return value when invoking functions to drop privileges, which could leave users with higher privileges than expected by forcing those functions to fail.
View DetailsCWE-273: Improper Check for Dropped Privileges is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded. If the drop fails, the product will continue to run with the raised privileges, which might provide additional access to unprivileged users.
If exploited, CWE-273 (Improper Check for Dropped Privileges) it can compromise Access Control and Non-Repudiation, leading to outcomes such as Gain Privileges or Assume Identity and Hide Activities.
Recommended mitigations for CWE-273 include: In Windows, make sure that the process token has the SeImpersonatePrivilege(Microsoft Server 2003). Code that relies on impersonation for security must ensure that the impersonation succeeded, i.e., that a proper privilege demotion happened.
CWE-273 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
MITRE documents real CVEs mapped to CWE-273, including CVE-2006-4447 and CVE-2006-2916. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.
A CWE (Common Weakness Enumeration) like CWE-273 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.