πŸš€ Join our AI Wargame at Black Hat Asia and our Workshop + Wargame at NDC Sydney .

Horizontal Privilege Escalation

Horizontal Privilege Escalation occurs when a user is able to access another user’s resources at the same privilege level. This typically happens when applications rely on user-supplied identifiers (e.g., user_id, email address) without proper server-side authorisation checks. An adversary can exploit this by tampering with identifiers in requests to view or modify another user’s data, such as changing account_id=123 to account_id=124.

Remediation

  • Avoid using easily guessable or public identifiers (e.g., sequential database primary keys, email addresses) as access control tokens.
  • Always enforce server-side authorisation by verifying that the authenticated session is permitted to access the requested resource.
  • Use indirect object references (e.g., opaque or random identifiers) instead of exposing raw user IDs to clients.
  • Apply logging and monitoring to detect unusual access patterns that could indicate lateral movement.

Metadata

  • Severity: high
  • Slug: horizontal-privilege-escalation

CWEs

  • 639: Authorization Bypass Through User-Controlled Key
  • 266: Incorrect Privilege Assignment
  • 285: Improper Authorization

OWASP

  • A01:2021: Broken Access Control
  • A04:2021: Insecure Design
  • A07:2021: Identification and Authentication Failures

Available Labs

Open Java labs in SecDim Play for this vulnerability.

Try it yourself

Find, Hack and Fix Your First Vulnerability

Reading about security bugs is one thing β€” fixing one is how the skill sticks. Play a free challenge from the wargame, no setup required.