🚀 Join our AI Wargame at Black Hat Asia and our Workshop + Wargame at NDC Sydney .

Horizontal Privilege Escalation

Horizontal Privilege Escalation occurs when a user is able to access another user’s resources at the same privilege level. This typically happens when applications rely on user-supplied identifiers (e.g., user_id, email address) without proper server-side authorisation checks. An adversary can exploit this by tampering with identifiers in requests to view or modify another user’s data, such as changing account_id=123 to account_id=124.

Remediation

  • Avoid using easily guessable or public identifiers (e.g., sequential database primary keys, email addresses) as access control tokens.
  • Always enforce server-side authorisation by verifying that the authenticated session is permitted to access the requested resource.
  • Use indirect object references (e.g., opaque or random identifiers) instead of exposing raw user IDs to clients.
  • Apply logging and monitoring to detect unusual access patterns that could indicate lateral movement.

Metadata

  • Severity: high
  • Slug: horizontal-privilege-escalation

CWEs

  • 639: Authorization Bypass Through User-Controlled Key
  • 266: Incorrect Privilege Assignment
  • 285: Improper Authorization

OWASP

  • A01:2021: Broken Access Control
  • A04:2021: Insecure Design
  • A07:2021: Identification and Authentication Failures
Try it yourself

Find, Hack and Fix Your First Vulnerability

Reading about security bugs is one thing — fixing one is how the skill sticks. Play a free challenge from the wargame, no setup required.