This query indicates that a call is setting the DACL field in a SECURITY_DESCRIPTOR to null.
When using SetSecurityDescriptorDacl to set a discretionary access control list (DACL), setting the bDaclPresent argument to TRUE indicates the presence of a DACL in the security descriptor, supplied in the pDacl argument.
When the pDacl parameter does not point to a DACL (i.e. it is NULL) and the bDaclPresent flag is TRUE, a NULL DACL is specified.
A NULL DACL grants full access to any user who requests it; normal security checking is not performed with respect to the object.
You should not use a NULL DACL with an object because any user can change the DACL and owner of the security descriptor.
In the following example, the call to SetSecurityDescriptorDacl is setting an unsafe DACL (NULL DACL) to the security descriptor.
To fix this issue, the pDacl argument should be a pointer to an ACL structure that specifies the DACL for the security descriptor.
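As an added example (not part of the original page and not the query's own implementation), this Python check scans C source text for SetSecurityDescriptorDacl calls where bDaclPresent is TRUE and pDacl is a literal NULL, which is useful as a quick review or pre-commit pass. The sample source and the names find_null_dacl_calls, split_args and NULL_ARG are constructed for this example; a NULL that reaches pDacl through a variable is not visible to a text-level check.

```python
import re

# Constructed sample C source (not from the page): two NULL-DACL calls, one fixed call.
SAMPLE = r'''
void unsafe(SECURITY_DESCRIPTOR *sd) {
    SetSecurityDescriptorDacl(sd, TRUE, NULL, FALSE);   /* NULL DACL */
}
void unsafe_cast(SECURITY_DESCRIPTOR *sd) {
    SetSecurityDescriptorDacl(sd, TRUE,
                              (PACL) NULL, FALSE);
}
void fixed(SECURITY_DESCRIPTOR *sd, PACL pDacl) {
    // SetSecurityDescriptorDacl(sd, TRUE, NULL, FALSE);  old call, commented out
    SetSecurityDescriptorDacl(sd, TRUE, pDacl, FALSE);   /* pDacl points to an ACL */
}
'''

CALL = re.compile(r'\bSetSecurityDescriptorDacl\s*\(')
# NULL, nullptr or 0, optionally parenthesised and/or preceded by casts such as (PACL).
NULL_ARG = re.compile(r'(\(\s*\w+\s*\*?\s*\)\s*)*\(?\s*(NULL|nullptr|0)\s*\)?')

def split_args(src, start):
    """Split a call's arguments on top-level commas; start is the index just after '('."""
    args, depth, cur = [], 0, []
    for ch in src[start:]:
        if ch == ',' and depth == 0:
            args.append(''.join(cur).strip())
            cur = []
            continue
        if ch == ')' and depth == 0:
            return args + [''.join(cur).strip()]
        depth += (ch == '(') - (ch == ')')
        cur.append(ch)
    return []  # unbalanced call text: report nothing

def find_null_dacl_calls(src):
    """Return 1-based line numbers of calls with bDaclPresent TRUE and pDacl NULL."""
    # Blank out comments but keep newlines so reported line numbers stay correct.
    src = re.sub(r'/\*.*?\*/|//[^\n]*', lambda m: re.sub(r'[^\n]', ' ', m.group()), src, flags=re.S)
    hits = []
    for m in CALL.finditer(src):
        args = split_args(src, m.end())
        if (len(args) == 4 and args[1] in ("TRUE", "1")
                and NULL_ARG.fullmatch(args[2])):
            hits.append(src.count('\n', 0, m.start()) + 1)
    return hits

if __name__ == "__main__":
    print(find_null_dacl_calls(SAMPLE))
```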
- SetSecurityDescriptorDacl function (Microsoft documentation).
- Common Weakness Enumeration: CWE-732.