Standard attack pattern

Draft

CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs

In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.

High

Typical severity

Per MITRE

High

Likelihood of attack

Per MITRE

Related weaknesses

CWEs this targets

Standard

Abstraction

MITRE classification

Frequently asked questions

Common questions about CAPEC-1.

What is CAPEC-1?

How does a Accessing Functionality Not Properly Constrained by ACLs attack work?

It typically unfolds over 3 phases. It begins with: [Survey] The attacker surveys the target application, possibly as a valid and authenticated user

How do you prevent CAPEC-1?

In a J2EE setting, administrators can associate a role that is impossible for the authenticator to grant users, such as "NoAccess", with all Servlets to which access is guarded by a limited number of servlets visible to, and accessible by, the user. Having done so, any direct access to those protected Servlets will be prohibited by the web container. In a more general setting, the administrator must mark every resource besides the ones supposed to be exposed to the user as accessible by a role impossible for the user to assume. The default security setting must be to deny access and then grant access only to those resources intended by business logic.

What weaknesses does CAPEC-1 target?

CAPEC-1 exploits 16 CWE weaknesses, including CWE-276 (Incorrect Default Permissions), CWE-285 (Improper Authorization), CWE-434 (Unrestricted Upload of File with Dangerous Type), CWE-693 (Protection Mechanism Failure).

How severe is CAPEC-1?

MITRE rates CAPEC-1 as High severity with high likelihood of attack.

CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs

Overview

How the attack works

What the attacker needs

Prerequisites

Skills required

Resources required

Consequences

How to mitigate it

Examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CAPEC-1?

How does a Accessing Functionality Not Properly Constrained by ACLs attack work?

How do you prevent CAPEC-1?

What weaknesses does CAPEC-1 target?

How severe is CAPEC-1?

References

Defend against CAPEC-1

Overview

How the attack works

What the attacker needs

Prerequisites

Skills required

Resources required

Consequences

How to mitigate it

Examples

Related weaknesses

Related attack patterns

Parent

Child

Can precede

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CAPEC-1?

How does a Accessing Functionality Not Properly Constrained by ACLs attack work?

How do you prevent CAPEC-1?

What weaknesses does CAPEC-1 target?

How severe is CAPEC-1?

References

Defend against CAPEC-1