Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Application Security and Development Security Technical Implementation Guide
SRG-APP-000342
The application must execute without excessive account permissions.
The application must execute without excessive account permissions.
An XCCDF Rule
Details
Profiles
Prose
The application must execute without excessive account permissions.
High Severity
<VulnDiscussion>Applications are often designed to utilize a user account. The account represents a means to control application permissions and access to OS resources, application resources or both. When the application is designed and installed, care must be taken not to assign excessive permissions to the user account that is used by the application. An application operating with unnecessary privileges can potentially give an attacker access to the underlying operating system or if the privileges required for application execution are at a higher level than the privileges assigned to organizational users invoking such applications/programs, those users are indirectly provided with greater privileges than assigned by organizations. Applications must be designed and configured to operate with only those permissions that are required for proper operation.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>