CWE

Insufficient Compartmentalization

ID: 653
Date: (C)2012-05-14   (M)2022-10-10
Type: weakness
Status: DRAFT
Abstraction Type: Base





Description

The product does not sufficiently compartmentalize functionality or processes that require different privilege levels, rights, or permissions.

Extended Description

When a weakness occurs in functionality that is accessible by lower-privileged users, then without strong boundaries, an attack might extend the scope of the damage to higher-privileged users.

Applicable Platforms
Language Class: All

Time Of Introduction

  • Architecture and Design
  • Implementation

Common Consequences

Scope: Access_Control
Technical Impact: Gain privileges / assume identity; Bypass protection mechanism
Notes: The exploitation of a weakness in low-privileged areas of the software can be leveraged to reach higher-privileged areas without having to overcome any additional obstacles.

Detection Methods
None

Potential Mitigations

Phase: Architecture and Design
Description: Break up privileges between different modules, objects or entities. Minimize the interfaces between modules and require strong access control between them.

Relationships
There is a close association with CWE-250 (Execution with Unnecessary Privileges). CWE-653 is about providing separate components for each privilege; CWE-250 is about ensuring that each component has the least amount of privileges possible. In this fashion, compartmentalization becomes one mechanism for reducing privileges.

Related CWE: CWE-653 ChildOf CWE-901
Type: Category
View: CWE-888

Demonstrative Examples

  1. Single sign-on technology is intended to make it easier for users to access multiple resources or domains without having to authenticate each time. While this is highly convenient for the user and attempts to address problems with psychological acceptability, it also means that a compromise of a user's credentials can provide immediate access to all other resources or domains.
  2. The traditional UNIX privilege model provides root with arbitrary access to all resources, but root is frequently the only user that has privileges. As a result, administrative tasks require root privileges, even if those tasks are limited to a small area, such as updating user man pages. Some UNIX flavors have a "bin" user that is the owner of system executables, but since root relies on executables owned by bin, a compromise of the bin account can be leveraged for root privileges by modifying a bin-owned executable, such as CVE-2007-4238.
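
The ownership mismatch in example 2 can be checked for directly. The following is an added example, not part of the CWE entry: it lists executables, and the directories holding them, that a privileged account runs from but that some other principal could modify. The function name, the `trusted_uids` parameter and the sample tree are assumptions made for illustration.

```python
import os
import stat
import tempfile

def audit_exec_dirs(dirs, trusted_uids=frozenset({0})):
    """Flag directories and executables a privileged account runs from that
    another principal could modify. Returns sorted (path, reason) tuples."""
    findings = []
    for d in dirs:
        try:
            entries = [(d, os.stat(d))]
            # lstat the entries: symlinks are skipped, not followed
            entries += [(e.path, e.stat(follow_symlinks=False))
                        for e in os.scandir(d)]
        except OSError:
            continue  # directory missing or unreadable
        for path, st in entries:
            executable = stat.S_ISREG(st.st_mode) and st.st_mode & 0o111
            if path != d and not executable:
                continue
            # A bin-style owner can rewrite the file before root runs it.
            if st.st_uid not in trusted_uids:
                findings.append((path, f"owned by uid {st.st_uid}"))
            # Simplification: any group/other write bit is reported.
            if st.st_mode & 0o022:
                mode = stat.S_IMODE(st.st_mode)
                findings.append((path, f"group/other-writable (mode {mode:o})"))
    return sorted(findings)

if __name__ == "__main__":
    # Constructed sample tree; a real audit would pass root's PATH directories.
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o755)
        for name, mode in (("backup", 0o755), ("rotate", 0o775)):
            p = os.path.join(d, name)
            open(p, "w").close()
            os.chmod(p, mode)
        for path, reason in audit_exec_dirs([d], trusted_uids={os.getuid()}):
            print(f"{path}: {reason}")
```

With the default `trusted_uids` of `{0}`, any bin-owned executable in the audited directories is reported, which is the condition the example describes.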

White Box Definitions
None

Black Box Definitions
None

Taxonomy Mappings
None

References:

  1. Jerome H. Saltzer and Michael D. Schroeder. The Protection of Information in Computer Systems. Proceedings of the IEEE 63. Published in September 1975.
  2. Sean Barnum and Michael Gegick. Separation of Privilege. Published on 2005-12-06.
