Improper error handling results when security mechanisms fail to deny access until it’s specifically granted. This may occur as a result of a mismatch in policy and coding practice. It may also result from code that lacks appropriate error handling logic. For example, a system may grant access until it’s denied. -veracode.com