logo

Unverified Ownership

Draft Base
Structure: Simple
Description

This vulnerability occurs when an application fails to confirm that a user has legitimate ownership rights to a sensitive resource before allowing them to perform actions on it.

Extended Description

At its core, this flaw is about broken authorization. The application might check if a user is authenticated but then skips the crucial second step: verifying that the specific data or function they're trying to access actually belongs to them. This often happens when developers use an identifier from the client (like an ID in a URL, form field, or cookie) to directly fetch or modify a database record without first checking if the current session is authorized for that exact record. Exploiting this weakness is a primary goal for attackers, leading directly to data breaches and privilege escalation. For example, by simply changing a number in a URL parameter, an attacker could view another user's private messages, financial details, or administrative panels. To prevent this, every single request for a user-specific resource must be validated against the current session's ownership rights, ensuring the user is only ever acting upon resources they truly own.
Common Consequences 1
Scope: Access Control

Impact: Gain Privileges or Assume Identity

An attacker could gain unauthorized access to system resources.
Potential Mitigations 2
Phase: Architecture and DesignOperation
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Phase: Architecture and Design

Strategy: Separation of Privilege

Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
Demonstrative Examples 1
This function is part of a privileged program that takes input from users with potentially lower privileges.

Code Example:

Bad
Python
python
This code does not confirm that the process to be killed is owned by the requesting user, thus allowing an attacker to kill arbitrary processes.
This function remedies the problem by checking the owner of the process before killing it:

Code Example:

Good
Python
python

#Check process owner against requesting user* if getProcessOwner(processID) == user: ``` os.kill(processID, signal.SIGKILL) return else: print("You cannot kill a process you don't own") return

  
Observed Examples 2
CVE-2001-0178Program does not verify the owner of a UNIX socket that is used for sending a password.
CVE-2004-2012Owner of special device not checked, allowing root.
   
  
    
 
 
Applicable Platforms 
 
 
 
 
 
Languages:
 
 
 Not Language-Specific : Undetermined 
  
  
 
 
 
  
 
 
Modes of Introduction 
 
 
 
 
 
  Architecture and Design  
 
 
 
          
 
 
Related Weaknesses 
 
 
 
 
  ChildOf:
 Improper Ownership Management (CWE-282) 
 
 
 
 
Taxonomy Mapping 
  • PLOVER
  
Notes 
RelationshipThis overlaps insufficient comparison, verification errors, permissions, and privileges.