Authorization / Incorrect Default Permissions

CWE Top 25 (2022) | Web and API

Description

Incorrect Default Permissions is a type of authorization vulnerability in which files or directories are created or installed with permissions that are broader than necessary, or that grant access to a wider set of users than the resource requires. This type of vulnerability may be found in web and API applications, and is listed as the twentieth most common vulnerability on the CWE Top 25 (2022). (1) According to the OWASP Testing Guide, incorrect default permissions may lead to unintended access to sensitive data or other resources. (2)

Risk

Incorrect default permissions can be a significant security issue, as they can give unauthorized users access to sensitive data or resources. A risk assessment should be performed to determine the potential impact this vulnerability could have on an organization.

Solution

The solution to this vulnerability is to ensure that all files and directories are assigned the correct permissions. This is done by setting appropriate access control lists (ACLs) or mode bits for each file or directory so that only the users who need access have it, and by making sure that the process creating the files (for example, through its umask) does not hand out broader permissions by default. Additionally, file and directory permissions should be reviewed regularly to confirm they are still set correctly.
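The following Python script is an added example, not code from the original page: it audits a directory tree against a least-privilege policy, strips any excess mode bits it finds, and shows how the process umask fixes the default permissions of newly created files. The policy values (0o640 for files, 0o750 for directories), the demo file names and their modes are constructed for this illustration, and the script assumes a POSIX filesystem that honours mode bits.

```python
"""Audit and remediate over-permissive file and directory modes (added example,
not from the original page). Policy values and sample paths are constructed."""
import os
import stat
import tempfile

# Constructed policy: owner rw, group r, nothing for "other" (0o640 files, 0o750 dirs).
MAX_FILE_MODE = 0o640
MAX_DIR_MODE = 0o750


def excess_bits(actual_mode: int, allowed_mode: int) -> int:
    """Permission bits present in actual_mode that the policy does not allow."""
    return stat.S_IMODE(actual_mode) & ~allowed_mode


def audit_tree(root: str) -> list[tuple[str, str]]:
    """Walk root and report every entry granting bits beyond the policy.
    Each finding is (path, octal string of the excess bits)."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames:
            path = os.path.join(dirpath, name)
            extra = excess_bits(os.lstat(path).st_mode, MAX_DIR_MODE)
            if extra:
                findings.append((path, oct(extra)))
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode is not meaningful; audit its target separately
            extra = excess_bits(st.st_mode, MAX_FILE_MODE)
            if extra:
                findings.append((path, oct(extra)))
    return findings


def remediate(findings: list[tuple[str, str]]) -> None:
    """Clear only the excess bits, leaving the bits the policy allows untouched."""
    for path, extra in findings:
        current = stat.S_IMODE(os.lstat(path).st_mode)
        os.chmod(path, current & ~int(extra, 8))


def default_mode_for_new_file(umask: int) -> int:
    """Mode a new regular file receives under this umask: the kernel applies
    0o666 & ~umask when open(2) creates a file without an explicit mode."""
    previous = os.umask(umask)
    try:
        with tempfile.TemporaryDirectory() as tmp:
            path = os.path.join(tmp, "new.txt")
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            return stat.S_IMODE(os.stat(path).st_mode)
    finally:
        os.umask(previous)


def build_demo_tree(root: str) -> None:
    """Create a constructed deployment layout with deliberately broad modes."""
    os.mkdir(os.path.join(root, "uploads"))
    for rel in ("config.yml", "app.log", os.path.join("uploads", "notes.txt")):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("constructed content\n")
    # chmod ignores the umask, so these modes are applied exactly as written.
    os.chmod(os.path.join(root, "config.yml"), 0o666)             # world-writable config
    os.chmod(os.path.join(root, "uploads"), 0o777)                # world-writable directory
    os.chmod(os.path.join(root, "uploads", "notes.txt"), 0o644)   # world-readable file
    os.chmod(os.path.join(root, "app.log"), 0o640)                # compliant


def run_demo() -> dict:
    """Audit the constructed tree, remediate it, re-audit, and report what happened."""
    with tempfile.TemporaryDirectory() as root:
        build_demo_tree(root)
        before = audit_tree(root)
        remediate(before)
        after = audit_tree(root)
        return {
            "before": sorted(os.path.relpath(p, root) for p, _ in before),
            "excess": sorted(bits for _, bits in before),
            "after": after,
            "mode_umask_022": default_mode_for_new_file(0o022),
            "mode_umask_077": default_mode_for_new_file(0o077),
        }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

Running the script reports three findings in the constructed tree (the config file, the uploads directory, and the world-readable file inside it), none after remediation, and shows that a umask of 0o022 yields 0o644 files while 0o077 yields 0o600, which is why a service that writes secrets should set a restrictive umask before it creates anything.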
