An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network. Sensitive functionality should always be protected with access controls. However configuring all but the most trivial access control systems can be very complicated and there are many opportunities for mistakes. If an attacker can learn of incorrectly configured access security settings, they may be able to exploit this in an attack.
Description
Attack Execution Flow
3
1
Step 1
Explore[Survey] The attacker surveys the target application, possibly as a valid and authenticated user.
Spider the web site for all available links.
Brute force to guess all function names/action with different privileges.
AI Translation
[Survey] L'attacker esamina l'applicazione target, possibilmente come utente autenticato e valido.
Indicizza il sito web per tutti i link disponibili.
Forza bruta per indovinare tutti i nomi delle funzioni/azioni con diversi privilegi.
Attack Techniques
-
Spider the web site for all available links.
-
Brute force to guess all function names/action with different privileges.IT: Scansiona il sito web per tutti i link disponibili.
2
Step 2
Experiment[Identify weak points in access control configurations] The attacker probes the access control for functions and data identified in the Explore phase to identify potential weaknesses in how the access controls are configured.
The attacker attempts authenticated access to targeted functions and data.
The attacker attempts unauthenticated access to targeted functions and data.
The attacker attempts indirect and side channel access to targeted functions and data.
AI Translation
[Identificare i punti deboli nelle configurazioni di controllo degli accessi] L'attaccante esamina il controllo degli accessi per funzioni e dati identificati nella fase Explore per individuare potenziali vulnerabilità nella configurazione dei controlli di accesso.
L'attaccante tenta l'accesso autenticato a funzioni e dati mirati.
L'attaccante tenta l'accesso non autenticato a funzioni e dati mirati.
L'attaccante tenta l'accesso indiretto e tramite canali laterali a funzioni e dati mirati.
Attack Techniques
-
The attacker attempts authenticated access to targeted functions and data.
-
The attacker attempts unauthenticated access to targeted functions and data.IT: L'attaccante tenta l'accesso autenticato a funzioni e dati mirati.
-
The attacker attempts indirect and side channel access to targeted functions and data.IT: L'attaccante tenta l'accesso autenticato a funzioni e dati mirati.
3
Step 3
Exploit[Access the function or data bypassing the access control] The attacker executes the function or accesses the data identified in the Explore phase bypassing the access control.
The attacker executes the function or accesses the data not authorized to them.
AI Translation
[Accedere alla funzione o ai dati bypassando il controllo degli accessi] L'attaccante esegue la funzione o accede ai dati identificati nella fase di Esplorazione bypassando il controllo degli accessi.
L'attaccante esegue la funzione o accede ai dati non autorizzato.
Attack Techniques
-
The attacker executes the function or accesses the data not authorized to them.
Mitigations
1
Design: Configure The Access Control Correctly.
Consequences
Security Scopes Affected
Access Control
Authorization
Availability
Confidentiality
Integrity
Potential Impacts
Bypass Protection Mechanism
Execute Unauthorized Commands
Gain Privileges
Modify Data
Read Data
Unreliable Execution
Relationships
Parent CAPECs
Child CAPECs
CAPEC-58
Restful Privilege Elevation
CAPEC-679
Exploitation of Improperly Configured or Implemented Memory Protections
CAPEC-680
Exploitation of Improperly Controlled Registers
CAPEC-681
Exploitation of Improperly Controlled Hardware Security Identifiers
CAPEC-702
Exploiting Incorrect Chaining or Granularity of Hardware Debug Components
Related CAPECs
Related ATT&CK Techniques
1
T1574.010
Services File Permissions Weakness
Adversaries may execute their own malicious payloads by hijacking the binaries used by services. Adversaries may use flaws in the …
Resources Required
1
None: No specialized resources are required to execute this type of attack.