A malicious user exploits a program vulnerability to infiltrate the system, then attempts to escalate their privileges by debugging in a live system to bypass AUTHORITY-CHECK.
Debugging on live systems and making changes to data in the debug environment are critical events that system administrators must be aware of. During debugging, data can be corrupted and authority checks may be bypassed, allowing unauthorized privilege escalation.
Defencemore OCA's A008 control lists roles with S_DEVELOP authorization at a critical level. The T001 control monitors debugging activities in the system, allowing the identification of users performing debug operations. If debugging is performed on the live system, it is considered a violation, and an alert is sent to system administrators. The T002 control monitors system status changes and generates notifications when the system is opened for modifications. Additionally, the T009 control lists all transport request objects released in the system.