This article discusses the OWASP Top 10 2013-A7 vulnerability, which is Missing Function Level Access Control. It provides an overview of the threat, the potential impact, and how to prevent it. It also includes example attack scenarios and references for further information.
Missing Function Level Access Control is a vulnerability where applications do not properly protect their functions, allowing unauthorized access to privileged functionality. This can occur due to misconfigurations or missing code checks. Attackers can exploit this vulnerability by changing URLs or parameters to gain access to unauthorized functionality. This can lead to unauthorized data access or manipulation, compromising the confidentiality, integrity, and availability of the system.
To prevent Missing Function Level Access Control, it is recommended to have a consistent and easy-to-analyze authorization module that is invoked from all business functions. This protection should be provided by components external to the application code. Entitlement management should be flexible and auditable. By default, all access should be denied, and explicit grants should be required for specific roles. It is important to implement checks in the controller or business logic, rather than relying solely on presentation layer access control.
Scenario #1: Unauthenticated Access to Admin Pages: In this scenario, an attacker simply force browses to target URLs that require authentication and admin rights. If an unauthenticated user can access these pages or an authenticated non-admin user can access the admin page, it is a flaw that can lead to unauthorized access to admin functionality.
Scenario #2: Failure to Enforce Role-Based Permissions: In this scenario, a page provides an 'action' parameter to specify the function being invoked, and different actions require different roles. If these roles are not effectively enforced, it is a flaw that can allow unauthorized access to the functions that should be restricted to specific roles.
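To make the prevention advice and Scenario #2 concrete, here is an added example (not code from the original article or from OWASP) of a controller that dispatches on an 'action' parameter. It contrasts the flawed version, which trusts the parameter and relies on the UI to hide the admin link, with a hardened version that invokes one deny-by-default authorization module before every dispatch. The user/role table, action names, and business functions are constructed for illustration.

```python
# Constructed sample data: roles per session user (None = unauthenticated).
USERS = {"alice": {"admin"}, "bob": {"user"}, None: set()}

# Deny-by-default entitlement map: an action absent here is granted to nobody.
ENTITLEMENTS = {
    "view_profile": {"user", "admin"},
    "delete_user": {"admin"},
}


class AccessDenied(Exception):
    pass


def authorize(user, action):
    """Single, auditable authorization module: raises unless a role held by
    `user` has been explicitly granted `action`. No grant means denied."""
    roles = USERS.get(user, set())
    if not roles & ENTITLEMENTS.get(action, set()):
        raise AccessDenied(f"{user!r} is not allowed to perform {action!r}")


# Business functions; `user` is the authenticated session identity.
def view_profile(user, target):
    return f"profile of {target}"


def delete_user(user, target):
    return f"deleted {target}"


ACTIONS = {"view_profile": view_profile, "delete_user": delete_user}


def handle_request_vulnerable(user, action, target):
    """Scenario #2 flaw: the presentation layer hides the admin link, but the
    controller trusts the 'action' parameter and dispatches with no role check."""
    fn = ACTIONS.get(action)
    if fn is None:
        return "unknown action"
    return fn(user, target)


def handle_request_hardened(user, action, target):
    """Fixed controller: the authorization module runs before every dispatch,
    so the check lives in the business logic rather than the UI."""
    fn = ACTIONS.get(action)
    if fn is None:
        return "unknown action"
    authorize(user, action)
    return fn(user, target)


def attempt(handler, user, action, target):
    """Return the outcome as a string so both controllers can be compared."""
    try:
        return handler(user, action, target)
    except AccessDenied:
        return "denied"
```

Running `attempt(handle_request_vulnerable, "bob", "delete_user", "alice")` shows the non-admin user succeeding, while the hardened controller returns "denied" for both the non-admin and the unauthenticated caller.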