Broken Access Control
Broken Access Control is a security vulnerability that occurs whenever a user can access data or functionality for which they are not authorized.
- Two main types of vulnerabilities:
- Broken Function Level Access Control: The user can access a function that they are not authorized to use (e.g. access the list of all credit cards in the admin area, essentially gaining administrator function access).
  Prerequisite: The attacker must know valid requests to the application (guessing URLs, access to logs or documentation, etc.)
- Broken Object Level Access Control: The user is authorized to use a function, but can use it to access objects they are not authorized for (e.g. access the profile of another user, or delete a file they do not own). This is also known as an Insecure Direct Object Reference (IDOR).
  Prerequisite: The application exposes an identifier to the user which directly corresponds to an internal object of the web app, and the handler trusts that identifier without checking it against the caller
In practice, broken object level access control occurs more frequently than broken function level access control, because every endpoint that takes an object identifier as a parameter is a potential instance.
Countermeasures
- The authorization check must be performed server-side on every request; hiding links or buttons in the UI is not a control
- The check must cover both the function level (is this user allowed to call this function at all?) and the object level (is this user allowed to act on the specific object referenced by the parameters?)
- Don't expose identifiers to the user which directly correspond to an internal object of the web app if possible (use random, unguessable identifiers or per-session indirect references); note that this only hides the identifier, it does not replace the object-level check
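The following is an added example, not code from the original page: a framework-free Python sketch that puts a vulnerable handler beside its hardened form for each of the two vulnerability types described above, and implements the three countermeasures (check on every call, function-level and object-level checks, indirect references). The users, profiles, card list and the `IndirectRefMap` helper are constructed for illustration and are not from any real application.

```python
"""Added example: broken function-level and object-level access control,
vulnerable handlers beside hardened ones. Plain Python, no web framework;
all users, objects and data below are constructed for illustration."""
from dataclasses import dataclass
from functools import wraps
import secrets


class Forbidden(Exception):
    """Raised when an authorization check fails (would map to HTTP 403/404)."""


@dataclass(frozen=True)
class User:
    id: int
    role: str          # "user" or "admin"


@dataclass(frozen=True)
class Profile:
    id: int
    owner_id: int
    email: str


# Constructed sample data (hypothetical): three users, two profiles, one card list.
USERS = {1: User(1, "user"), 2: User(2, "user"), 3: User(3, "admin")}
PROFILES = {
    10: Profile(10, owner_id=1, email="alice@example.com"),
    20: Profile(20, owner_id=2, email="bob@example.com"),
}
CREDIT_CARDS = ["4111 **** **** 1111", "5500 **** **** 0004"]   # constructed


# --- Function-level access control -------------------------------------------

def list_all_cards_vulnerable(current: User):
    """Admin function with no role check: any authenticated user who guesses the
    request (e.g. GET /admin/cards) receives the whole list."""
    return CREDIT_CARDS


def require_role(*roles):
    """Decorator: the function-level check runs server-side on every call."""
    def decorator(fn):
        @wraps(fn)
        def wrapper(current: User, *args, **kwargs):
            if current.role not in roles:
                raise Forbidden(f"{fn.__name__} requires role in {roles}")
            return fn(current, *args, **kwargs)
        return wrapper
    return decorator


@require_role("admin")
def list_all_cards(current: User):
    return CREDIT_CARDS


# --- Object-level access control ----------------------------------------------

def get_profile_vulnerable(current: User, profile_id: int) -> Profile:
    """The caller may use 'get profile', but the id comes straight from the
    request and is never compared against the caller: classic IDOR."""
    return PROFILES[profile_id]


def get_profile(current: User, profile_id: int) -> Profile:
    """Hardened: the object named by the parameter is checked against the caller.
    Admins may read any profile. A missing object and a foreign object are
    reported identically so the endpoint is not an existence oracle."""
    profile = PROFILES.get(profile_id)
    if profile is None or (profile.owner_id != current.id and current.role != "admin"):
        raise Forbidden("profile not found or not yours")
    return profile


# --- Indirect object references (third countermeasure) ------------------------

class IndirectRefMap:
    """Per-session map from opaque tokens to internal ids (hypothetical helper).
    The client only ever sees the token; resolving it still goes through
    get_profile(), so the ownership check is not replaced, only the guessable
    internal id is hidden."""
    def __init__(self):
        self._token_to_id = {}

    def reference(self, internal_id: int) -> str:
        token = secrets.token_urlsafe(16)
        self._token_to_id[token] = internal_id
        return token

    def resolve(self, token: str) -> int:
        if token not in self._token_to_id:
            raise Forbidden("unknown reference")
        return self._token_to_id[token]


def get_profile_by_token(current: User, refs: IndirectRefMap, token: str) -> Profile:
    return get_profile(current, refs.resolve(token))


if __name__ == "__main__":
    alice = USERS[1]
    print("IDOR leak:", get_profile_vulnerable(alice, 20).email)   # Bob's data
    try:
        get_profile(alice, 20)
    except Forbidden as exc:
        print("hardened handler blocked it:", exc)
```

Note that the ownership check in `get_profile` is the control; `IndirectRefMap` only removes the sequential, guessable identifier from what the client sees, and a token issued in one session must never be honoured in another.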