This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Manipulating User Permission Identifier
- This is an Attack. To view all attacks, please see the Attack Category page.
Description
This attack focus on manipulation of user permission identifier in order to elevate his privileges on the application, resulting in unauthorized access, fraudulent transactions and application disrupt. The user permission identifier is normally tied or associated with a session ID, local cookies, hidden fields, among others.
To execute this attack, it is necessary to determine how the application manages user permission identifier, where/how/which information is stored and managed (client-side, server-side or both) and what data is used as part of identifier. Based on this, the attacker can forge his request using new values for session identifier and raise his permission on the application.
Examples
Assume that an application stores the authentication decision (auth=0/1) in an unencrypted cookie on client machine. An attacker can violate this information of user session and set “auth=1” in order to get illegitimate access and elevated his privilege in the application.
External References
Related Threats
Category: Information Disclosure
Related Attacks
Related Vulnerabilities
Category: Environmental Vulnerability
Related Countermeasures