An application typically makes calls to functions that are part of libraries external to the application. These libraries may be part of the operating system or they may be third-party libraries. The application may not properly handle situations in which access to these libraries has been blocked. Depending on the error handling within the application, blocked access to libraries may leave the system in an insecure state that could be leveraged by an attacker.
Description
Attack Execution Flow
Step 1
Explore: Determine what external libraries the application accesses.
Step 2
Experiment: Block access to the external libraries accessed by the application.
Step 3
Experiment: Monitor the behavior of the system to see if it goes into an insecure/inconsistent state.
Step 4
Experiment: If the system does go into an insecure/inconsistent state, leverage that to obtain information about the system functionality or data, elevate access control, etc. The rest of this attack will depend on the context and the desired goal.
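The error-handling weakness named in the description, shown as an added example that is not part of the original entry: an authorization check that fails open when its external library cannot be loaded, beside a version that fails closed. The module name `acme_policy_engine`, its `check` function and the `StubPolicy` stand-in are hypothetical and constructed for illustration.

```python
import importlib
import logging

log = logging.getLogger("authz")

# Hypothetical module name for this example; it does not exist, which
# stands in for a library whose access has been blocked.
POLICY_LIB = "acme_policy_engine"


def load_policy_lib(name=POLICY_LIB):
    """Return the imported library, or None if it cannot be loaded."""
    try:
        return importlib.import_module(name)
    except (ImportError, OSError) as exc:
        log.error("policy library %r unavailable: %s", name, exc)
        return None


def is_allowed_fail_open(user, action, lib):
    """Flawed pattern: a missing or failing library counts as 'no objection'."""
    try:
        return lib.check(user, action)
    except Exception:
        return True  # error path silently grants access


def is_allowed_fail_closed(user, action, lib):
    """Hardened pattern: any failure to consult the library denies access."""
    if lib is None or not callable(getattr(lib, "check", None)):
        log.critical("denying %s/%s: policy library not available", user, action)
        return False
    try:
        # Only an explicit True from the library grants access.
        return lib.check(user, action) is True
    except Exception:
        log.exception("policy check failed; denying %s/%s", user, action)
        return False


class StubPolicy:
    """Constructed stand-in for a working library, to show the normal path."""

    @staticmethod
    def check(user, action):
        return (user, action) == ("alice", "read")
```

With the library present both functions agree; the difference appears only on the error path, which is why tests should include a run where the dependency is made unavailable.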