Broken Access Control Full Guide: OWASP Top 10 in Ethical Hacking


In this blog, we will learn about Broken Access Control, which is one of the most common vulnerabilities found on websites. We will see the types of Broken Access Control and work through some practical examples. So let’s get started with the blog.

Introduction

Broken access control is a significant security vulnerability in the field of cybersecurity. It refers to a weakness or flaw in the access control mechanisms of a system that allows unauthorized users to gain privileged access to resources, functionality, or information they should not have.

It can have severe consequences, as it compromises the confidentiality, integrity, and availability of sensitive data and system resources.

In simple words, these vulnerabilities allow the attacker to bypass the authorization and access measures, and perform operations as if they were privileged users.

Access control is the process of granting or denying permissions to individuals or entities based on their identity and level of authorization. It ensures that only authorized users can access specific resources or perform certain actions within a system.

However, when access control mechanisms are improperly implemented or not enforced correctly, it creates opportunities for attackers to exploit the system.

Types of Access Control Models

A) Programmatic access control

Programmatic access control applies access controls in code by consulting a matrix of user rights kept in a database or a similar store. This kind of highly specific access control may be expressed in terms of roles, groups, or individual users, and may cover collections of operations or whole workflows.

B) Discretionary access control

  • In DAC, access rights are based on the discretion of the owner or creator of the resource.
  • Users have the ability to control access to their own resources and can grant or revoke permissions to others.
  • It is a flexible model but can lead to security issues if owners are not careful about access control.

C) Mandatory access control

  • In MAC, access rights are determined by security labels and are typically government or organization-defined.
  • Users and objects are assigned security labels (e.g., security clearances), and access is based on a set of rules or policies.
  • The Bell-LaPadula and Biba models are examples of MAC models.

D) Role-based access control

  • RBAC assigns permissions to roles, and users are assigned to specific roles.
  • Users inherit the permissions associated with their assigned role, simplifying access management in large organizations.
  • This model is useful for managing access control in a structured and consistent manner.
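To make the models concrete, here is an added Python illustration (not code from the original post) that implements a minimal version of each: an owner-managed ACL for DAC, Bell-LaPadula read/write rules over ordered labels for MAC, and role-to-permission tables for RBAC. The RBAC tables also double as the "matrix of user rights" that programmatic access control consults. All users, labels, roles and permissions are constructed sample data.

```python
"""Three access control models side by side: DAC, MAC and RBAC.
Added illustration, not code from the original post. All users, labels,
roles and permissions are constructed sample data."""
from dataclasses import dataclass, field


# ---- B) Discretionary access control: the owner manages the ACL ----
@dataclass
class DacResource:
    owner: str
    acl: dict = field(default_factory=dict)   # user -> set of permissions

    def grant(self, by: str, to: str, perm: str) -> None:
        # Only the owner may change the ACL; that is the "discretion" in DAC.
        if by != self.owner:
            raise PermissionError(f"{by} is not the owner of this resource")
        self.acl.setdefault(to, set()).add(perm)

    def allowed(self, user: str, perm: str) -> bool:
        return user == self.owner or perm in self.acl.get(user, set())


# ---- C) Mandatory access control: Bell-LaPadula on ordered labels ----
LEVELS = {"public": 0, "confidential": 1, "secret": 2, "top_secret": 3}

def mac_can_read(clearance: str, label: str) -> bool:
    # Simple security property, "no read up": clearance must dominate the label.
    return LEVELS[clearance] >= LEVELS[label]

def mac_can_write(clearance: str, label: str) -> bool:
    # *-property, "no write down": a subject may not write to a lower label.
    return LEVELS[clearance] <= LEVELS[label]


# ---- D) Role-based access control: permissions attach to roles ----
ROLE_PERMS = {
    "viewer": {"post:read"},
    "author": {"post:read", "post:create", "post:delete_own"},
    "admin": {"post:read", "post:create", "post:delete_own",
              "post:delete_any", "user:manage"},
}
USER_ROLES = {"alice": {"author"}, "bob": {"viewer"}, "carol": {"admin"}}

def rbac_allowed(user: str, perm: str) -> bool:
    # Effective permissions are the union over the user's roles;
    # an unknown user has no roles and therefore no permissions.
    return any(perm in ROLE_PERMS.get(role, set())
               for role in USER_ROLES.get(user, set()))


if __name__ == "__main__":
    doc = DacResource(owner="alice")
    doc.grant(by="alice", to="bob", perm="read")
    print("DAC  bob read:", doc.allowed("bob", "read"))                              # True
    print("MAC  secret reads confidential:", mac_can_read("secret", "confidential"))  # True
    print("RBAC bob creates post:", rbac_allowed("bob", "post:create"))               # False
```

Note how the decision logic differs: DAC asks "did the owner allow it", MAC asks "do the labels permit it", and RBAC asks "does any of the user's roles carry this permission". Each broken access control scenario later in this post is a failure to ask (or to enforce) one of these questions.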

How Broken Access Control Vulnerabilities Arise

There are several reasons why broken access control vulnerabilities may occur:

A) Insufficient or weak access control mechanisms:

Inadequate implementation of access control mechanisms, such as role-based access control (RBAC) or access control lists (ACLs), can lead to vulnerabilities. This may include not properly defining user roles and permissions or failing to enforce access controls at various levels of the system.

B) Improper input validation and output encoding:

Failure to validate and sanitize user input can result in attackers bypassing access controls. For example, an attacker may manipulate input parameters or modify URLs to access restricted resources.

C) Inadequate session management:

Weak or ineffective session management can result in session hijacking or session fixation attacks, allowing unauthorized individuals to gain access to authenticated sessions and bypass access controls.

D) Failure to enforce access control on the server side:

If access control checks are performed on the client side only, attackers can bypass them by manipulating client-side code or intercepting and modifying requests.

E) User authentication:

Weak or easily guessable passwords, lack of multi-factor authentication, or insecure password recovery mechanisms can allow attackers to gain unauthorized access to user accounts.

Types of Broken Access Control

There are several scenarios in which Broken Access Control can occur. These include:

A) Horizontal Privilege Escalation:

In this scenario, an authenticated user gains unauthorized access to resources or performs actions that belong to another user with the same level of privileges. This typically happens due to improper access control checks or insufficient isolation of user sessions.

For example: there are two users, A and B.

User “A” can delete his own posts, but he can also delete the posts of User “B”.

B) Vertical Privilege Escalation:

Vertical privilege escalation occurs when an authenticated user gains higher privileges or access rights than they are authorized for. This can happen due to vulnerabilities in the system that allow users to manipulate their roles or permissions.

For example: there is one normal user “A” and an admin.

User “A” can access all the privileges of the admin.
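The vertical escalation above, and the earlier point that access control must be enforced on the server side, come together in the following added Python example (not code from the original post). The flawed handler decides whether the caller is an admin from a role field the client sends; the hardened handler takes the role from a server-side session store instead. A small detection helper flags requests whose client-supplied role claim disagrees with the session. The session store, users and requests are constructed sample data.

```python
"""Vertical privilege escalation: a handler that trusts a client-supplied
role versus one that derives the role from server-side session state.
Added example, not from the original post; the session store, users and
requests are constructed sample data."""

# Server-side session store: session id -> authenticated user record (constructed).
SESSIONS = {
    "sess-alice": {"user": "alice", "role": "user"},
    "sess-carol": {"user": "carol", "role": "admin"},
}


def delete_user_vulnerable(request: dict) -> str:
    """Flawed: the role is read from the request itself (hidden form field,
    cookie or JSON body), so any client can present role=admin."""
    if request.get("role") != "admin":
        return "403 forbidden"
    return f"200 deleted user {request['target']}"


def delete_user_secure(request: dict) -> str:
    """Hardened: identity and role come from the server-side session keyed by
    the session id; a role field in the request is simply ignored."""
    session = SESSIONS.get(request.get("session_id"))
    if session is None:
        return "401 unauthenticated"
    if session["role"] != "admin":          # authorization decided on the server
        return "403 forbidden"
    return f"200 deleted user {request['target']}"


def role_claim_mismatch(request: dict) -> bool:
    """Detection aid: a request carrying a role claim that disagrees with the
    server-side session is a tampering signal worth logging and alerting on."""
    session = SESSIONS.get(request.get("session_id"))
    return (session is not None and "role" in request
            and request["role"] != session["role"])


if __name__ == "__main__":
    # Normal user alice sends a request claiming to be admin (constructed).
    tampered = {"session_id": "sess-alice", "role": "admin", "target": "bob"}
    print(delete_user_vulnerable(tampered))   # 200 deleted user bob
    print(delete_user_secure(tampered))       # 403 forbidden
    print(role_claim_mismatch(tampered))      # True
```

The design point is that nothing the client controls (form fields, cookies other than the opaque session id, JSON bodies, URL parameters) should feed the authorization decision; the server looks the caller's role up from state it owns.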

C) Insecure Direct Object References (IDOR):

IDOR vulnerabilities arise when an application exposes internal implementation details, such as database keys or file paths, and allows users to manipulate those references to access unauthorized resources. Attackers can bypass access controls by directly referencing sensitive objects.
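The horizontal privilege escalation example (User A deleting User B's post) and IDOR are the same flaw seen from two angles: an object reference supplied by the client is acted on without checking that the caller may touch that object. The following added Python example (not code from the original post) shows a delete handler that checks authentication only, beside one that also checks ownership, plus a detection routine that scans access log lines for cross-account activity. The post store, user names and log lines are constructed sample data.

```python
"""Horizontal privilege escalation / IDOR on a blog's post store.
Added example, not from the original post; users, post ids and log lines
are constructed sample data."""
from typing import Optional

SAMPLE_POSTS = {  # post id -> record. Sequential ids are trivially guessable.
    101: {"owner": "alice", "title": "alice's draft"},
    102: {"owner": "bob", "title": "bob's draft"},
}


def delete_post_vulnerable(posts: dict, current_user: Optional[str], post_id: int) -> str:
    """Checks authentication only. Any logged-in user can delete any post by
    supplying its id: User A deleting User B's post."""
    if current_user is None:
        return "401 unauthenticated"
    if post_id not in posts:
        return "404 not found"
    del posts[post_id]
    return "200 deleted"


def delete_post_secure(posts: dict, current_user: Optional[str], post_id: int) -> str:
    """Looks the object up, then verifies the caller owns it before acting.
    A post owned by someone else is reported exactly like a missing one, so
    the response does not confirm which ids exist."""
    if current_user is None:
        return "401 unauthenticated"
    post = posts.get(post_id)
    if post is None or post["owner"] != current_user:
        return "404 not found"
    del posts[post_id]
    return "200 deleted"


def find_cross_account_access(log_lines, posts: dict) -> list:
    """Detection: return log entries where a user acted on a post they do not
    own. Constructed log format: 'user=<name> action=<verb> post=<id>'."""
    hits = []
    for line in log_lines:
        fields = dict(kv.split("=", 1) for kv in line.split())
        post = posts.get(int(fields["post"]))
        if post is not None and post["owner"] != fields["user"]:
            hits.append(line)
    return hits


if __name__ == "__main__":
    store = dict(SAMPLE_POSTS)
    print(delete_post_vulnerable(store, "alice", 102))   # 200 deleted  (bob's post is gone)
    store = dict(SAMPLE_POSTS)
    print(delete_post_secure(store, "alice", 102))       # 404 not found
    sample_log = [                                       # constructed access log
        "user=alice action=DELETE post=101",
        "user=alice action=DELETE post=102",
        "user=bob action=GET post=999",
    ]
    print(find_cross_account_access(sample_log, SAMPLE_POSTS))
```

The ownership check belongs on every code path that takes an object id from the client (read, update, delete, download), not only on the one that was reported; the log scan is a cheap way to confirm after the fact whether the gap was actually used.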

Conclusion

It is important to address and mitigate these various types of broken access control vulnerabilities to ensure the security and integrity of systems and protect sensitive data from unauthorized access.

Applying secure coding practices, conducting regular security assessments, and keeping access control mechanisms up to date are crucial steps in preventing and addressing these vulnerabilities.

Note: This blog is mainly referenced from PortSwigger and EC-Council.


By Vivek Maurya

Writes blogs related to ethical hacking, computer networks, Linux, penetration testing and Web3 security.
