Description
The system’s authorization functionality does not prevent one user from gaining access to another user’s data or record by modifying the key value identifying the data.
Modes of Introduction:
– Architecture and Design
Likelihood of Exploit: High
Related Weaknesses
Consequences
Access Control: Bypass Protection Mechanism
Access control checks for specific user data or functionality can be bypassed.
Access Control: Gain Privileges or Assume Identity
Horizontal escalation of privilege is possible (one user can view/modify information of another user).
Access Control: Gain Privileges or Assume Identity
Vertical escalation of privilege is possible if the user-controlled key is actually a flag that indicates administrator status, allowing the attacker to gain administrative access.
Potential Mitigations
Phase: Architecture and Design
Description:
For each and every data access, ensure that the user has sufficient privilege to access the record that is being requested.
Phase: Architecture and Design, Implementation
Description:
Make sure that the key that is used in the lookup of a specific user’s record is not controllable externally by the user or that any tampering can be detected.
Phase: Architecture and Design
Description:
Use encryption to make it more difficult to guess other legitimate values of the key, or associate a digital signature with the key so that the server can verify that it has not been tampered with.
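As an added illustration of these mitigations (example code, not part of the CWE entry), the following Python sketch shows a record lookup that trusts the client-supplied key as written, beside a lookup that checks ownership on every access, and a server-issued key carrying an HMAC tag so that any client-side tampering is detected before the lookup runs. The record table, user names and SERVER_KEY are constructed sample values; the tag is an HMAC rather than a public-key signature, which is sufficient when the same server both issues and verifies the key.

```python
import base64
import hashlib
import hmac

# Constructed sample data: record id -> owner and contents.
RECORDS = {
    101: {"owner": "alice", "body": "alice's invoice"},
    102: {"owner": "bob", "body": "bob's invoice"},
}

# Constructed demo secret (assumption); a real deployment loads it from a
# secret store and never ships it to clients.
SERVER_KEY = b"constructed-demo-key-not-for-production"


class Forbidden(Exception):
    """Raised when an access check fails."""


def get_record_vulnerable(current_user: str, record_id: int) -> str:
    """CWE-639 pattern: the key from the request selects the record and the
    caller's identity is never compared against it."""
    rec = RECORDS.get(record_id)
    if rec is None:
        raise KeyError(record_id)
    return rec["body"]


def get_record_checked(current_user: str, record_id: int) -> str:
    """Mitigation 1: every data access verifies that the requesting user
    owns the record. Missing and not-owned records produce the same error so
    the response does not reveal which ids exist."""
    rec = RECORDS.get(record_id)
    if rec is None or rec["owner"] != current_user:
        raise Forbidden("record not accessible to this user")
    return rec["body"]


def issue_key(user: str, record_id: int) -> str:
    """Mitigations 2 and 3: the server hands out an opaque reference bound to
    a user, with an HMAC tag so any client-side edit is detectable."""
    payload = f"{user}:{record_id}".encode()
    tag = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(payload).decode() + "."
            + base64.urlsafe_b64encode(tag).decode())


def resolve_key(current_user: str, key: str) -> str:
    """Verify the tag and the bound user before looking anything up, then
    still apply the ownership check (defense in depth)."""
    try:
        payload_b64, tag_b64 = key.split(".", 1)
        payload = base64.urlsafe_b64decode(payload_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # binascii.Error is a ValueError subclass
        raise Forbidden("malformed key")
    expected = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise Forbidden("key has been tampered with")
    bound_user, record_id = payload.decode().split(":", 1)
    if bound_user != current_user:
        raise Forbidden("key was issued to a different user")
    return get_record_checked(current_user, int(record_id))


def denied(fn, *args) -> bool:
    """Helper: True if the call is refused with Forbidden."""
    try:
        fn(*args)
    except Forbidden:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable:", get_record_vulnerable("alice", 102))   # bob's data leaks
    print("checked:   ", denied(get_record_checked, "alice", 102))  # True
    key = issue_key("alice", 101)
    print("signed key:", resolve_key("alice", key))
    print("other user:", denied(resolve_key, "bob", key))       # True
```

The vulnerable function returns bob's record to alice because nothing ties the requester to the key; the checked variant refuses, and the signed key is refused both when its payload is altered (tag mismatch) and when a valid key is replayed by a different user (bound-user mismatch).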