Modes Of Introduction
Architecture and Design
Implementation : REALIZATION: This weakness is caused during implementation of an architectural security tactic.
Operation
Applicable Platforms
Language
Class: Not Language-Specific (Undetermined)
Common Consequences
Scope |
Impact |
Likelihood |
Access Control | Gain Privileges or Assume Identity
Note: A user can assume the identity of another user with separate privileges in another context. This will give the user unauthorized access that may allow them to acquire the access information of other users. | |
Observed Examples
Reference |
Description |
CVE-2002-1688 | Web browser cross domain problem when user hits "back" button. |
CVE-2003-1026 | Web browser cross domain problem when user hits "back" button. |
CVE-2002-1770 | Cross-domain issue - third party product passes code to web browser, which executes it in unsafe zone. |
CVE-2005-2263 | Run callback in different security context after it has been changed from untrusted to trusted. * note that "context switch before actions are completed" is one type of problem that happens frequently, espec. in browsers. |
Potential Mitigations
Phases : Architecture and Design // Operation
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Phases : Architecture and Design // Operation
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
Phases : Architecture and Design
Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
Vulnerability Mapping Notes
Rationale : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Comments : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Related Attack Patterns
CAPEC-ID |
Attack Pattern Name |
CAPEC-17 |
Using Malicious Files An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface. |
CAPEC-30 |
Hijacking a Privileged Thread of Execution An adversary hijacks a privileged thread of execution by injecting malicious code into a running process. By using a privleged thread to do their bidding, adversaries can evade process-based detection that would stop an attack that creates a new process. This can lead to an adversary gaining access to the process's memory and can also enable elevated privileges. The most common way to perform this attack is by suspending an existing thread and manipulating its memory. |
CAPEC-35 |
Leverage Executable Code in Non-Executable Files An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. |
Notes
This concept needs more study.
References
REF-7
Writing Secure Code
Michael Howard, David LeBlanc.
https://www.microsoftpressstore.com/store/writing-secure-code-9780735617223 REF-76
Least Privilege
Sean Barnum, Michael Gegick.
https://web.archive.org/web/20211209014121/https://www.cisa.gov/uscert/bsi/articles/knowledge/principles/least-privilege
Submission
Name |
Organization |
Date |
Date Release |
Version |
PLOVER |
|
2006-07-19 +00:00 |
2006-07-19 +00:00 |
Draft 3 |
Modifications
Name |
Organization |
Date |
Comment |
Eric Dalci |
Cigital |
2008-07-01 +00:00 |
updated Time_of_Introduction |
CWE Content Team |
MITRE |
2008-09-08 +00:00 |
updated Description, Relationships, Taxonomy_Mappings |
CWE Content Team |
MITRE |
2009-12-28 +00:00 |
updated Potential_Mitigations |
CWE Content Team |
MITRE |
2010-02-16 +00:00 |
updated References |
CWE Content Team |
MITRE |
2010-06-21 +00:00 |
updated Potential_Mitigations |
CWE Content Team |
MITRE |
2011-06-01 +00:00 |
updated Common_Consequences |
CWE Content Team |
MITRE |
2012-05-11 +00:00 |
updated Common_Consequences, Relationships |
CWE Content Team |
MITRE |
2012-10-30 +00:00 |
updated Potential_Mitigations, References |
CWE Content Team |
MITRE |
2014-02-18 +00:00 |
updated Related_Attack_Patterns |
CWE Content Team |
MITRE |
2017-11-08 +00:00 |
updated Applicable_Platforms, Modes_of_Introduction, References, Relationships |
CWE Content Team |
MITRE |
2018-03-27 +00:00 |
updated References |
CWE Content Team |
MITRE |
2020-02-24 +00:00 |
updated Relationships |
CWE Content Team |
MITRE |
2022-04-28 +00:00 |
updated Related_Attack_Patterns |
CWE Content Team |
MITRE |
2022-10-13 +00:00 |
updated References |
CWE Content Team |
MITRE |
2023-01-31 +00:00 |
updated Description |
CWE Content Team |
MITRE |
2023-04-27 +00:00 |
updated References, Relationships |
CWE Content Team |
MITRE |
2023-06-29 +00:00 |
updated Mapping_Notes |