Vertical Privilege Escalation - Broken Access Control

We have already talked about Horizontal Privilege Escalation, and today we will talk about the Vertical Privilege Escalation.

Some facts

1. Privilege escalation is a common goal of attackers: Attackers often attempt to elevate their privileges within a system or application to gain access to sensitive information or perform malicious actions.
2. Privilege escalation can occur at various stages: Privilege escalation can occur at different stages of an application's lifecycle, including design, development, deployment, and maintenance.
3. Privilege escalation vulnerabilities are often due to coding errors: Many privilege escalation vulnerabilities are caused by coding errors, such as lack of input validation or improper handling of user input.
4. Privilege escalation can be vertical or horizontal: Privilege escalation can be vertical, where an attacker elevates their privileges to access more sensitive information or functions within the same level, or horizontal, where an attacker gains access to another user's privileges at the same level.
5. Privilege escalation can be mitigated through least privilege: Least privilege is a security principle that limits users and applications to only the minimum permissions necessary to perform their tasks, reducing the impact of a successful privilege escalation attack.
6. Privilege escalation can be detected through monitoring: Monitoring user activity and system logs can help detect and respond to privilege escalation attempts, providing an early warning of potential attacks.
7. Privilege escalation can have severe consequences: A successful privilege escalation attack can have severe consequences, including theft or modification of sensitive data, disruption of services, and unauthorized access to critical systems.

Vertical privilege escalation refers to a type of security vulnerability that allows an attacker or an unauthorized user to gain higher levels of access or privileges on a computer system or network. This means that a user who originally had limited or no access to certain resources or functionalities can elevate their privileges to perform actions they were not authorized to perform.
For highly advanced users, vertical privilege escalation can occur in a number of ways, such as exploiting vulnerabilities in the operating system, applications, or services running on a system or using social engineering techniques to obtain privileged credentials. Attackers can then use the elevated privileges to perform a wide range of malicious activities, including stealing sensitive data, installing malware, or taking control of the entire system.
To prevent vertical privilege escalation, it is important to implement proper access controls, such as using the principle of least privilege, enforcing strong password policies, and regularly patching and updating software to prevent known vulnerabilities from being exploited. Other best practices include using multi-factor authentication, monitoring user activity logs, and conducting regular security audits and assessments to identify and remediate potential vulnerabilities.

class BankAccount:
   def __init__(self, balance):
       self.balance = balance

   def deposit(self, amount):
       self.balance += amount

   def withdraw(self, amount):
       if amount <= self.balance:
           self.balance -= amount
       else:
           print("Insufficient balance")

class Customer:
   def __init__(self, name, balance):
       self.name = name
       self.bank_account = BankAccount(balance)

   def get_balance(self):
       return self.bank_account.balance

class Bank:
   def __init__(self, customers):
       self.customers = customers

   def add_customer(self, customer):
       self.customers.append(customer)

   def get_customers(self):
       return self.customers

# A user with limited access rights
customer1 = Customer("John", 500)

# An attacker with escalated access rights
customer2 = Customer("Hacker", 1000000)

bank = Bank([customer1])

# The attacker adds themselves to the list of customers
bank.add_customer(customer2)

# The attacker now has access to the entire customer database
customers = bank.get_customers()
for customer in customers:
   print(customer.name, customer.bank_account.balance)

In this example, the Bank class has a method add_customer that can be called by a user with limited access rights to add new customers to the bank's database. However, an attacker can exploit this method to add themselves to the list of customers and gain access to the entire customer database.

class BankAccount:
   def __init__(self, balance):
       self.balance = balance

   def deposit(self, amount):
       self.balance += amount

   def withdraw(self, amount):
       if amount <= self.balance:
           self.balance -= amount
       else:
           print("Insufficient balance")

class Customer:
   def __init__(self, name, balance):
       self.name = name
       self.bank_account = BankAccount(balance)

   def get_balance(self):
       return self.bank_account.balance

class Bank:
   def __init__(self, customers):
       self.customers = customers

   def add_customer(self, customer):
       # Check if the user has the required privileges to add customers
       if isinstance(customer, Customer):
           self.customers.append(customer)
       else:
           print("You don't have the required privileges to perform this action")

   def get_customers(self):
       return self.customers

# A user with limited access rights
customer1 = Customer("John", 500)

# An attacker with escalated access rights
customer2 = Customer("Hacker", 1000000)

bank = Bank([customer1])

# The attacker tries to add themselves to the list of customers
bank.add_customer(customer2)

# Since the attacker is not authorized to perform this action, the customer is not added to the database
customers = bank.get_customers()
for customer in customers:
   print(customer.name, customer.bank_account.balance)

In the fixed version, the add_customer method in the Bank class checks if the input is an instance of the Customer class before adding it to the list of customers. If the input is not an instance of the Customer class, the method returns an error message indicating that the user does not have the required privileges to perform this action. This prevents unauthorized users from adding themselves to the customer database and gaining access to sensitive information.

Prevention

• The least privilege principle limits user access to only the resources they need to perform their job duties. This principle helps to reduce the attack surface and minimize the impact of a potential attack.
• Role-based access control: Implement a role-based access control (RBAC) system, where users are assigned roles with specific access privileges based on their job duties.
• Regularly review access control: Regularly review and update access control policies to ensure they are still appropriate and effective. This can include monitoring access logs and conducting periodic access reviews.
• Properly manage user accounts: Ensure that user accounts are properly managed, including disabling accounts for users who no longer need access and revoking privileges for employees who change job roles or leave the organization.
• Implement strong authentication: Implement robust authentication mechanisms, such as two-factor authentication, to prevent unauthorized access to sensitive data.
• Regularly update and patch systems: Regularly update and patch systems to prevent known vulnerabilities from being exploited.
• Conduct security training: Conduct regular security training for employees to help them understand the risks of privilege escalation and how to prevent it.

_‍

_{Note: The the code is written for the purpose of illustration, and not for implementation.}

_{The image used in this article was generated with the assistance of AI.}