Unchecked Return Values for Privilege Drop
Description
These functions may be used to either drop or change account privileges. If the call fails, the process silently continues to run with the privileges it was assigned at start. Depending on the logic of the application, this may allow attackers to abuse the system, because the privilege level was never actually changed. Always check the return values of these functions and decide whether the application may safely continue.
Examples
Insecure Code
```c
RpcImpersonateClient(NULL); // RPC_STATUS result ignored: on failure the server keeps running under its own identity
```
Secure Code
```c
#include <rpc.h>
if (RpcImpersonateClient(NULL) != RPC_S_OK) { /* handle error: impersonation failed, still running as the server, do not proceed */ }
```
Remediation
Check the return values of the functions to ensure the application handles failed privilege drops correctly.
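As an added example (not part of this rule page, which documents the Windows `RpcImpersonateClient` call), the same principle applied to a POSIX privilege drop: every identity-changing call is checked, and the result is verified afterwards rather than assumed. The function name `drop_privileges`, the step ordering and the use of `setresuid`/`setresgid` are this example's own choices; it assumes Linux/glibc (`_GNU_SOURCE`).

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Added example (assumption: Linux/glibc). Drop to target_uid/target_gid.
 * Returns 0 on success, -1 on any failure; errno describes the failure.
 * Every call is checked because an unchecked failure would leave the
 * process running with its starting privileges, which is the defect
 * the rule above describes. */
int drop_privileges(uid_t target_uid, gid_t target_gid)
{
    /* 1. Supplementary groups. Only root may clear them; leaving them
     *    in place would keep group-based access after the drop. */
    if (getuid() == 0 && setgroups(0, NULL) != 0) {
        return -1;
    }

    /* 2. Group before user: once the uid is dropped, setresgid is no
     *    longer permitted. All three ids are set so the saved gid
     *    cannot be used to regain the old group. */
    if (setresgid(target_gid, target_gid, target_gid) != 0) {
        return -1;
    }

    /* 3. User last, again real/effective/saved together. */
    if (setresuid(target_uid, target_uid, target_uid) != 0) {
        return -1;
    }

    /* 4. Verify the drop instead of trusting return codes alone. */
    if (getuid() != target_uid || geteuid() != target_uid ||
        getgid() != target_gid || getegid() != target_gid) {
        errno = EPERM;
        return -1;
    }

    /* 5. If we dropped to a non-root uid, regaining root must now fail.
     *    If it succeeds, the saved uid was left privileged. */
    if (target_uid != 0 && setuid(0) == 0) {
        errno = EPERM;
        return -1;
    }

    return 0;
}

/* Demonstration: drop to the current ids (works for root and non-root)
 * and report the outcome. */
int main(void)
{
    uid_t uid = getuid();
    gid_t gid = getgid();

    if (drop_privileges(uid, gid) != 0) {
        /* The correct reaction to a failed drop is to stop, not to carry on. */
        fprintf(stderr, "privilege drop failed: %s\n", strerror(errno));
        return 1;
    }
    printf("running as uid=%u gid=%u\n", (unsigned)getuid(), (unsigned)getgid());
    return 0;
}
```

The order (groups, then gid, then uid) matters: each step removes the ability to perform the ones that would follow it, so reversing them produces failures that an unchecked implementation would never notice. Step 5 is the check that catches a partial drop where only the effective uid changed.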
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0559 |
| Category | AccessControl |
| Severity | HIGH |
| CWE | CWE-250 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | privilege drop, access control |
| OWASP | A5:2017-Broken Access Control, A01:2021-Broken Access Control |