πŸš€ Join our AI Wargame at Black Hat Asia and our Workshop + Wargame at NDC Sydney .

Token Horizontal Privilege Escalation

Horizontal Privilege Escalation happen when a user can access another users resources. Usually this vulnerability is exploited by tampering with the user identifier in the token.

Remediation

  • Do not use easily guessable or public user identifier
  • Check the authenticated session is authorised to access a requested resource

Metadata

  • Severity: high
  • Slug: token-horizontal-privilege-escalation

CWEs

  • 639: Authorization Bypass Through User-Controlled Key
  • 266: Incorrect Privilege Assignment

OWASP

  • A01:2021: Broken Access Control
  • A04:2021: Insecure Design
  • A07:2021: Identification and Authentication Failures
Try it yourself

Find, Hack and Fix Your First Vulnerability

Reading about security bugs is one thing β€” fixing one is how the skill sticks. Play a free challenge from the wargame, no setup required.