Identity Management / Highly Privileged Accounts Are Not in the Protected Users
Description: "Highly privileged accounts are not in the Protected Users group" is an IT vulnerability related to identity management (CWE-264). It occurs when privileged accounts are not members of the Protected Users group, which allows them to bypass the default security settings of the operating system. This type of vulnerability is classified under OWASP Testing Guide 4.0 as A10: Insufficient Logging & Monitoring.
Risk: Privileged accounts outside the group can bypass the security settings of the operating system, allowing attackers to gain access to restricted data and systems. This presents a high risk to the organization, as it can lead to a data breach and compromise the confidentiality, integrity, and availability of the organization's data and systems.
Solution: Ensure that all privileged accounts are included in the Protected Users group, so that the default security settings of the operating system are enforced for all of them. Additionally, organizations should implement logging and monitoring systems to detect any suspicious activity associated with privileged accounts.
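One way to check the condition described in the Solution, as an added example that is not part of the original page: a PowerShell audit that lists user accounts in privileged groups that are not members of Protected Users. It assumes the ActiveDirectory module (RSAT) is installed and that the four built-in groups named in $privilegedGroups are what "highly privileged" means in your domain.

```powershell
# Added example: audit privileged accounts missing from Protected Users.
# Requires the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

# Assumption: these built-in groups define "highly privileged"; adjust as needed.
$privilegedGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'

# Distinguished names of every user that is a direct or nested member of Protected Users.
$protected = Get-ADGroupMember -Identity 'Protected Users' -Recursive |
    Where-Object objectClass -eq 'user' |
    Select-Object -ExpandProperty distinguishedName

$findings = foreach ($group in $privilegedGroups) {
    try {
        $members = Get-ADGroupMember -Identity $group -Recursive -ErrorAction Stop
    } catch {
        # Enterprise Admins and Schema Admins exist only in the forest root domain.
        Write-Warning "Could not enumerate '$group': $($_.Exception.Message)"
        continue
    }
    foreach ($m in $members | Where-Object objectClass -eq 'user') {
        if ($protected -notcontains $m.distinguishedName) {
            $u = Get-ADUser -Identity $m.distinguishedName `
                -Properties ServicePrincipalName, LastLogonDate
            [pscustomobject]@{
                Group          = $group
                SamAccountName = $u.SamAccountName
                Enabled        = $u.Enabled
                # An SPN usually marks a service account; review before adding it.
                HasSPN         = [bool]$u.ServicePrincipalName
                LastLogonDate  = $u.LastLogonDate
            }
        }
    }
}

# One row per (account, group) pair that is privileged but unprotected.
$findings | Sort-Object SamAccountName, Group | Format-Table -AutoSize
```

Review rows with HasSPN set before changing membership: members of Protected Users cannot authenticate with NTLM or be delegated, which commonly breaks service accounts.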
Example: The following code example from CVE-2018-8608 demonstrates a code injection vulnerability in a web application. By exploiting this vulnerability, an attacker can bypass the default security settings of the operating system and gain access to restricted data and systems.
// Build a shell command that writes a PHP file, then run it.
$cmd = "echo '<?php system(\"echo test\"); ?>' > index.php";
exec($cmd);