DerScanner
Home / Vulnerability Database / 1C : Privileged mode is enabled
1C

1C : Privileged mode is enabled

Classification

OWASP Top 10 2013
A7-Missing Function Level Access Control
OWASP Top 10 2017
A5-Broken Access Control
OWASP Top 10 2021
A1-Broken Access Control
PCI DSS 4.0
6.2.4
HIPAA
§164.312 (a)(1)
CWE
CWE-279CWE-732CWE-1033
CWE/SANS Top 25 2011
CWE-732
CWE/SANS Top 25 2021
CWE-732

Overview

The procedure or function sets a privileged code execution mode. Enabling this mode may result in privilege escalation.

Privilege access mode allows:

  • to perform data operations on behalf of users who cannot access data;
  • to improve performance, as in privileged mode no restrictions are imposed on access to data.

Unreasonable use of privileged mode can lead to a security violation of user data. Any export procedures and functions that perform any actions on the server with the preliminary unconditional installation of the privileged mode are potentially dangerous, as this disables the access control of the current user.

References

  1. OWASP Top 10 2017-A5-Broken Access Control
  2. CWE-279: Incorrect Execution-Assigned Permissions (https://cwe.mitre.org/data/definitions/1033.html)
MEDIUM

DerScanner Severity Score

Do you want to fix 1C : Privileged mode is enabled in your application?

See also

1C

1C : Null encryption key

1C

1C : Memory leak

1C

1C : Empty encryption key