Saturday, 21 February 2015

Privilege Escalation & Types

Privilege escalation is gaining access to a resource or function that the user is not intended to have. Escalations fall into two main categories:
1. Horizontal Privilege Escalation
2. Vertical Privilege Escalation
These are detailed below.
Horizontal Privilege Escalation: When the access gained is between users of the same level, we call it horizontal escalation. For example, Alice and Bob are two users, and each has their own functions. When Alice gains access to the functions that are private to Bob, it is a horizontal privilege escalation.
Vertical Privilege Escalation: When the access gained is between users of different levels, it is a vertical escalation. Continuing with the previous example: apart from Alice and Bob, there is an Administrator who takes care of administrative functions, which are protected and can be accessed only by an admin. Alice successfully manages to gain access to the protected functions of the Administrator. Here, the escalation is from a normal user to an administrator with higher privileges. This is vertical privilege escalation.
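
The two checks that block each kind of escalation, written as an added example that is not part of the original post: a role-level check stops vertical escalation and an ownership check stops horizontal escalation. The role levels, function names, deny labels and sample requests are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

LEVELS = {"user": 1, "admin": 2}  # assumed two-level role model

@dataclass(frozen=True)
class User:
    name: str
    role: str

@dataclass(frozen=True)
class Function:
    name: str
    min_role: str                 # lowest role allowed to call it
    owner: Optional[User] = None  # set when the function is private to one user

def authorize(caller: User, fn: Function) -> str:
    """Return 'allow' or a deny label naming the kind of escalation blocked."""
    # Vertical check: the caller's level must reach the function's level.
    if LEVELS[caller.role] < LEVELS[fn.min_role]:
        return "deny-vertical"
    # Horizontal check: a private function belongs to its owner only,
    # even when caller and owner sit at the same level.
    if fn.owner is not None and fn.owner != caller:
        same_level = LEVELS[caller.role] == LEVELS[fn.owner.role]
        return "deny-horizontal" if same_level else "deny-not-owner"
    return "allow"

# Constructed sample data following the Alice / Bob / Administrator example.
ALICE, BOB = User("alice", "user"), User("bob", "user")
ADMIN = User("administrator", "admin")
FUNCTIONS = {
    "alice_profile": Function("alice_profile", "user", ALICE),
    "bob_profile": Function("bob_profile", "user", BOB),
    "manage_users": Function("manage_users", "admin"),
}
REQUESTS = [(ALICE, "alice_profile"), (ALICE, "bob_profile"),
            (ALICE, "manage_users"), (ADMIN, "manage_users")]

def escalation_attempts(requests):
    """Return (caller, function, decision) for every denied request."""
    denied = []
    for caller, fn_name in requests:
        decision = authorize(caller, FUNCTIONS[fn_name])
        if decision != "allow":
            denied.append((caller.name, fn_name, decision))
    return denied

if __name__ == "__main__":
    for row in escalation_attempts(REQUESTS):
        print(row)
```

Logging the deny label alongside the caller lets a reviewer tell a peer-to-peer attempt from an attempt to reach administrative functions.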
