What is the term for when an attacker gains elevated privileges by exploiting a bug with access to a user account?

The term that describes when an attacker gains elevated privileges by exploiting a bug with access to a user account is referred to as privilege escalation. This process involves a user or a malicious actor taking advantage of flaws in the software, misconfigurations, or vulnerabilities within a system to obtain higher access levels than they are normally entitled to.

Privilege escalation can occur in two forms: vertical escalation, where lower-level users gain access to the privileges of higher-level users, and horizontal escalation, where one user accesses the privileges of another user at the same level. This tactic is especially dangerous because it can allow an attacker to execute unauthorized commands or access sensitive information, leading to data breaches or further attacks on the system.

While authentication bypass deals with circumventing user verification processes typically in a different context, session hijacking involves taking over a user session after successfully authenticating, and access control refers to the policies determining who is allowed access to different resources. These terms represent different attack vectors or protective measures, diverging from the specific context of privilege escalation.