Privilege Context Switching ErrorID: 270 | Date: (C)2012-05-14 (M)2022-10-10 |
Type: weakness | Status: DRAFT |
Abstraction Type: Base |
Description
The software does not properly manage privileges while it is
switching between different contexts that have different privileges or spheres
of control.
Applicable PlatformsLanguage Class: All
Time Of Introduction
- Architecture and Design
- Implementation
- Operation
Related Attack Patterns
Common Consequences
Scope | Technical Impact | Notes |
---|
Access_Control | Gain privileges / assume
identity | A user can assume the identity of another user with separate
privileges in another context. This will give the user unauthorized
access that may allow them to acquire the access information of other
users. |
Detection MethodsNone
Potential Mitigations
Phase | Strategy | Description | Effectiveness | Notes |
---|
Architecture and DesignOperation | | Very carefully manage the setting, management, and handling of
privileges. Explicitly manage trust zones in the software. | | |
Architecture and DesignOperation | Environment Hardening | Run your code using the lowest privileges that are required to
accomplish the necessary tasks [R.270.1]. If possible, create isolated
accounts with limited privileges that are only used for a single task.
That way, a successful attack will not immediately give the attacker
access to the rest of the software or its environment. For example,
database applications rarely need to run as the database administrator,
especially in day-to-day operations. | | |
Architecture and Design | Separation of Privilege | Consider following the principle of separation of privilege. Require
multiple conditions to be met before permitting access to a system
resource. | | |
Relationships
Related CWE | Type | View | Chain |
---|
CWE-270 ChildOf CWE-901 | Category | CWE-888 | |
Demonstrative ExamplesNone
Observed Examples
- CVE-2002-1688 : Web browser cross domain problem when user hits "back" button.
- CVE-2003-1026 : Web browser cross domain problem when user hits "back" button.
- CVE-2002-1770 : Cross-domain issue - third party product passes code to web browser, which executes it in unsafe zone.
- CVE-2005-2263 : Run callback in different security context after it has been changed from untrusted to trusted. * note that "context switch before actions are completed" is one type of problem that happens frequently, espec. in browsers.
For more examples, refer to CVE relations in the bottom box.
White Box Definitions None
Black Box Definitions None
Taxynomy Mappings
Taxynomy | Id | Name | Fit |
---|
PLOVER | | Privilege Context Switching Error | |
References:
- M. Howard D. LeBlanc .Writing Secure Code 2nd Edition. Microsoft. Section:'Chapter 7, "Running with Least Privilege" Page
207'. Published on 2002.
- Sean Barnum Michael Gegick .Least Privilege. Published on 2005-09-14.