Incorrect Privilege Assignment| ID: 266 | Date: (C)2012-05-14 (M)2022-10-10 |
| Type: weakness | Status: DRAFT |
| Abstraction Type: Base |
Description
A product incorrectly assigns a privilege to a particular
actor, creating an unintended sphere of control for that
actor.
Applicable PlatformsLanguage Class: All
Time Of Introduction
- Architecture and Design
- Implementation
Common Consequences
| Scope | Technical Impact | Notes |
|---|
| Access_Control | Gain privileges / assume
identity | A user can access restricted functionality and/or sensitive
information that may include administrative functionality and user
accounts. |
Detection MethodsNone
Potential Mitigations
| Phase | Strategy | Description | Effectiveness | Notes |
|---|
| Architecture and DesignOperation | | Very carefully manage the setting, management, and handling of
privileges. Explicitly manage trust zones in the software. | | |
| Architecture and DesignOperation | Environment Hardening | Run your code using the lowest privileges that are required to
accomplish the necessary tasks [R.266.1]. If possible, create isolated
accounts with limited privileges that are only used for a single task.
That way, a successful attack will not immediately give the attacker
access to the rest of the software or its environment. For example,
database applications rarely need to run as the database administrator,
especially in day-to-day operations. | | |
Relationships
| Related CWE | Type | View | Chain |
|---|
| CWE-266 ChildOf CWE-901 | Category | CWE-888 | |
Demonstrative Examples (Details)
- Evidence of privilege change: (Demonstrative Example Id DX-97)
Observed Examples
- CVE-1999-1193 : untrusted user placed in unix "wheel" group
- CVE-2005-2741 : Product allows users to grant themselves certain rights that can be used to escalate privileges.
- CVE-2005-2496 : Product uses group ID of a user instead of the group, causing it to run with different privileges. This is resultant from some other unknown issue.
- CVE-2004-0274 : Product mistakenly assigns a particular status to an entity, leading to increased privileges.
For more examples, refer to CVE relations in the bottom box.
White Box Definitions None
Black Box Definitions None
Taxynomy Mappings
| Taxynomy | Id | Name | Fit |
|---|
| PLOVER | | Incorrect Privilege Assignment | |
| CERT Java Secure Coding | SEC00-J | Do not allow privileged blocks to leak sensitive information
across a trust boundary | |
| CERT Java Secure Coding | SEC01-J | Do not allow tainted variables in privileged
blocks | |
References:
- Sean Barnum Michael Gegick .Least Privilege. Published on 2005-09-14.
