035 – Manage privilege modifications

Summary

The system must not allow system actors to modify privileges for themselves.

Description

Systems should have a set of roles with different levels of privilege to access resources. The privileges of each role must be clearly defined and the role of each user should also be clearly stated. Furthermore, users should not be allowed to modify their own privileges, as this could be leveraged to access otherwise restricted functionalities and resources.

Supported In

Advanced: True

References

• CAPEC-233. Privilege escalation
• CAPEC-690. Metadata Spoofing
• CWE-267. Privilege defined with unsafe actions
• CWE-269. Improper privilege management
• CWE-639. Authorization bypass through user-controlled key
• OWASP10-A1. Broken access control
• OWASPM10-M6. Insecure authorization
• BIZEC-APP-06. Direct database modifications
• MITRE-M1024. Restrict registry permissions
• MITRE-M1026. Privileged account management
• MITRE-M1039. Environment variable permissions
• MITRE-M1052. User account control
• MITRE-M1056. Pre-compromise
• PADSS-3_4. Limit access to required functions/resources and enforce least privilege for built-in accounts
• PADSS-5_2_8. Improper access controls
• SANS25-11. Missing authorization
• CMMC-AC_L1-3_1_1. Authorized access control
• CMMC-AC_L2-3_1_4. Separation of duties
• CMMC-AC_L2-3_1_7. Privileged functions
• HITRUST-01_c. Privilege management
• FEDRAMP-AC-6_1. Least privilege - Authorize access to security functions
• FEDRAMP-CM-5_5. Access restrictions for change - Limit production, operational privileges
• ISO27002-8_2. Privileged access rights
• OSSTMM3-9_15_3. Wireless security (privileges audit) - Escalation
• WASC-A_12. Content spoofing
• WASC-W_02. Insufficient authorization
• ISSAF-A_2_4. Assessment - Penetration
• ISSAF-P_6_15. Host security - Linux security (local attacks)
• ISSAF-Q_16_20. Host security - Windows security (local attacks)
• ISSAF-Y_3_4. Database Security - Database services countermeasures
• OWASPRISKS-P2. Operator-sided data leakage
• BSAFSS-AA_1-2. Authorization and access controls
• BSAFSS-AA_2-1. Authorization and access (support controls)
• CWE25-862. Missing authorization
• SWIFTCSC-5_1. Logical access control
• C2M2-9_5_h. Implement data security for cybersecurity architecture
• PCI-7_2_3. Required privileges are approved by authorized personnel
• OWASPAPI-API1. Broken Object Level Authorization
• ISO27001-8_2. Privileged access rights
• NIST-PR_AA-01. Identities and credentials for authorized users, services, and hardware are managed by the organization

Weaknesses

• 005 – Privilege escalation
• 032 – Spoofing

Last updated

2024/03/05