Introduction
Broken Function Level Authorization is the risk that an API exposes functionality to callers who are not entitled to it: a user-level caller reaches an administrative endpoint, a read-only caller invokes a destructive verb, or an anonymous caller hits a route that should require login. It occurs when the API does not verify, on the server side, that the authenticated caller's role or privilege level permits the specific function being invoked, or when that check exists but can be bypassed (for example because it relies on a value the client supplies).
Risks
Some common risks associated with Broken Function Level Authorization include:
– Sensitive functionality being accessed or exploited by unauthorized parties
– Unauthorized modification or deletion of data
– Elevation of privileges by unauthorized parties
Attack Scenarios
Attack scenarios for cloud applications may include:
– An attacker intercepts their own API call and alters a client-side identity or role value (a header, a cookie field, a role claim in the request body) to reach functionality reserved for higher-privileged users
– An attacker uses a compromised account with higher permissions to access sensitive functionality
– An attacker exploits a vulnerability in the API to bypass authorization checks and access sensitive functionality
Vulnerable Sample Code
A vulnerable sample of code in Go might look like this (the database package is the application's own and is not shown on this page):

package main

import (
	"encoding/json"
	"net/http"
)

// deleteData trusts the X-User-ID request header as the caller's identity and
// performs the privileged delete without any server-side authorization check.
func deleteData(w http.ResponseWriter, r *http.Request) {
	userID := r.Header.Get("X-User-ID") // attacker-controlled value
	err := database.DeleteData(userID)  // no check that this caller may invoke this function
	if err != nil {
		http.Error(w, "Error deleting data", http.StatusInternalServerError)
		return
	}
	json.NewEncoder(w).Encode("Data deleted successfully")
}
In this example, the API call deletes data from the database keyed on a user ID that is read straight from a request header. Two things are missing. First, the handler never establishes who the caller actually is: the X-User-ID header is chosen by the client, so it is an assertion, not an authenticated identity. Second, there is no authorization check that the caller is permitted to invoke the delete function at all, whether for their own data or anyone else's. Any caller who can reach the endpoint can therefore delete data belonging to other users simply by supplying a different ID in the header.
Sample Attack
A sample attack payload using the curl command might look like this:
curl -H "X-User-ID: attacker_user_id" -X DELETE http://api.example.com/deletedata
In this example, the attacker uses curl to send a DELETE request to the API with a chosen user ID in the request header. If the API is vulnerable to Broken Function Level Authorization, the request succeeds and the attacker deletes data they should not have access to. Note that no credential is sent at all: the endpoint accepts the header as proof of identity.
MITRE ATT&CK framework reference
Broken Function Level Authorization maps most closely to the Tactic Privilege Escalation (TA0004) and the Technique Exploitation for Privilege Escalation (T1068) in the MITRE ATT&CK framework; where the vulnerable API is internet-facing and the flaw is the attacker's way in, Exploit Public-Facing Application (T1190, Tactic Initial Access) also applies. These techniques involve exploiting weaknesses in authorization controls to gain access to resources or functionality that the attacker should not have access to.
Mitigation
To mitigate the risk of Broken Function Level Authorization, organizations should ensure that permissions are validated and enforced on the server for every API call. In practice this means: derive the caller's identity from a verified credential (a session or signed token), never from a client-supplied header or body field; deny by default, so that every function is unreachable until a policy explicitly grants it to a role; enforce that policy in one place (a middleware or gateway) rather than in each handler; and keep administrative functions on separate routes with separate permissions. Organizations should also regularly review and test their API implementations, including negative tests in which a low-privilege account calls every privileged endpoint, and should log and monitor API activity so that denied and unexpected calls to sensitive functionality are detected and investigated.
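The following is an added example, not code from the original page or from Prancer Security, showing the hardened counterpart of the vulnerable handler above. It assumes an in-memory store standing in for the page's database package, a constructed bearer-token table standing in for a real token verifier, and a small function-level policy table; the route names, permission names and tokens are illustrative. The caller's identity comes only from a verified Authorization token, the delete function is gated by a role check before the handler runs, and the administrative "delete any user" variant lives on its own route with its own permission, so a spoofed X-User-ID header has no effect.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Principal is the caller identity established server-side from a verified credential.
type Principal struct {
	UserID string
	Role   string // "user" or "admin"
}

// sessions is a constructed stand-in for a real token verifier: bearer token -> principal.
var sessions = map[string]Principal{
	"tok-alice": {UserID: "alice", Role: "user"},
	"tok-admin": {UserID: "root", Role: "admin"},
}

// functionPermissions is the function-level policy: which roles may invoke each operation.
var functionPermissions = map[string][]string{
	"data:delete:self": {"user", "admin"}, // delete your own row only
	"data:delete:any":  {"admin"},         // delete any user's row
}

// store is an in-memory stand-in for the page's database package: userID -> data.
type store map[string]string

func newStore() store { return store{"alice": "alice-data", "bob": "bob-data"} }

func (s store) DeleteData(userID string) error {
	if _, ok := s[userID]; !ok {
		return fmt.Errorf("no data for user %q", userID)
	}
	delete(s, userID)
	return nil
}

// authenticate resolves the caller from the Authorization bearer token only; X-User-ID is never consulted.
func authenticate(r *http.Request) (Principal, bool) {
	p, ok := sessions[strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")]
	return p, ok
}

// requirePermission wraps a handler: authenticate, enforce the function-level
// policy for fn, then hand the verified principal to the handler.
func requirePermission(fn string, next func(http.ResponseWriter, *http.Request, Principal)) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		p, ok := authenticate(r)
		if !ok {
			http.Error(w, "unauthenticated", http.StatusUnauthorized)
			return
		}
		allowed := false
		for _, role := range functionPermissions[fn] {
			allowed = allowed || p.Role == role
		}
		if !allowed {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next(w, r, p)
	}
}

func deleteAndRespond(w http.ResponseWriter, s store, userID string) {
	if err := s.DeleteData(userID); err != nil {
		http.Error(w, "error deleting data", http.StatusNotFound)
		return
	}
	fmt.Fprintln(w, "data deleted successfully")
}

func newServer(s store) http.Handler {
	mux := http.NewServeMux()
	// Self-service deletion: the target is always the verified caller.
	mux.HandleFunc("/deletedata", requirePermission("data:delete:self",
		func(w http.ResponseWriter, r *http.Request, p Principal) { deleteAndRespond(w, s, p.UserID) }))
	// Administrative deletion: its own route, its own permission, target from the query.
	mux.HandleFunc("/admin/deletedata", requirePermission("data:delete:any",
		func(w http.ResponseWriter, r *http.Request, p Principal) { deleteAndRespond(w, s, r.URL.Query().Get("user")) }))
	return mux
}

// do sends one in-process DELETE with the given headers and returns the status code.
func do(h http.Handler, path string, headers map[string]string) int {
	req := httptest.NewRequest(http.MethodDelete, path, nil)
	for k, v := range headers {
		req.Header.Set(k, v)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	s := newStore()
	h := newServer(s)
	alice := map[string]string{"Authorization": "Bearer tok-alice", "X-User-ID": "bob"}
	fmt.Println(do(h, "/admin/deletedata?user=bob", alice))  // 403: a user cannot reach the admin function
	fmt.Println(do(h, "/deletedata", alice), s["bob"] != "") // 200 true: X-User-ID ignored, only alice's row deleted
	fmt.Println(do(h, "/admin/deletedata?user=bob", map[string]string{"Authorization": "Bearer tok-admin"})) // 200
}
```

The policy lives in one table and is enforced by one wrapper, so adding a new privileged route without registering a permission makes it unreachable rather than silently open. The X-User-ID header is still accepted on the wire but is simply never read, which is the property to test for: a low-privilege token plus a spoofed header must affect only the caller's own data.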
Download API Security whitepaper
Our in-depth whitepaper provides valuable insights into how Prancer Security’s cutting-edge solution mitigates critical risks such as unauthorized access and data breaches, while adhering to the highest security standards.
Don’t leave your API security to chance – download our comprehensive whitepaper now and discover how Prancer Security can safeguard your organization from potential threats!