Broken access control

Description: Broken access control

Access control is the application of constraints on who or what is authorized to perform actions or access resources.

Broken access controls often present a serious security vulnerability as they can allow attackers to access resources or perform actions they should not be able to.

Remediation: Broken access control

If this endpoint is intended to be restricted to authenticated users, implement access controls that enforce this.

References

Web Security Academy: Access Control
OWASP A01:2021 - Broken Access Control

Vulnerability classifications

CWE-284: Improper Access Control

Typical severity

Information

Type index (hex)

0x00100850

Type index (decimal)

1050704

Burp Scanner

This issue - and many more like it - can be found using our web vulnerability scanner

Get Burp

Scan your web application from just $449.00

Find out more

How do I?	New Post	View All
Feature Requests	New Post	View All
Burp Extensions	New Post	View All
Bug Reports	New Post	View All