
Broken Access Control

Description: Broken Access Control

Access control is the application of constraints on who or what is authorized to perform actions or access resources.

Broken access controls often present a serious security vulnerability as they can allow attackers to access resources or perform actions they should not be able to.

Remediation: Broken Access Control

If this endpoint is intended to be restricted to authenticated users, implement access controls that enforce this.
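One way to enforce this is a deny-by-default gate in front of every route, so that an endpoint is reachable without authentication only if it is explicitly listed as public. The following is an added example, not code from this page or from Burp Scanner; the route names, the in-memory session store and the bearer-token format are assumptions made for illustration.

```python
# Added example: deny-by-default authentication gate as WSGI middleware.
# PUBLIC_PATHS, SESSIONS and the token value are hypothetical / constructed.
from wsgiref.util import setup_testing_defaults

PUBLIC_PATHS = {"/login", "/health"}            # explicit allowlist, exact match only
SESSIONS = {"constructed-token-123": "alice"}   # constructed server-side session store

def lookup_session(environ):
    """Return the user bound to the request's bearer token, or None."""
    scheme, _, token = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        return None
    return SESSIONS.get(token)

def require_auth(app):
    """Wrap a WSGI app so every path outside PUBLIC_PATHS needs a valid session."""
    def gate(environ, start_response):
        path = environ.get("PATH_INFO", "/")
        if path not in PUBLIC_PATHS:            # unknown or odd paths fail closed
            user = lookup_session(environ)
            if user is None:
                start_response("401 Unauthorized",
                               [("Content-Type", "text/plain"),
                                ("WWW-Authenticate", "Bearer")])
                return [b"authentication required\n"]
            environ["app.user"] = user          # identity comes from the server side
        return app(environ, start_response)
    return gate

def app(environ, start_response):
    """Stand-in application: reports which user the request was served to."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    user = environ.get("app.user", "anonymous")
    return [f"{environ['PATH_INFO']} served to {user}\n".encode()]

def request(wsgi_app, path, token=None):
    """Drive the app in-process and return (status, body)."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    if token:
        environ["HTTP_AUTHORIZATION"] = f"Bearer {token}"
    seen = {}
    body = b"".join(wsgi_app(environ, lambda status, headers: seen.update(status=status)))
    return seen["status"], body.decode()

guarded = require_auth(app)
```

Because the check lives in the wrapper rather than in each handler, a newly added route is restricted until someone deliberately adds it to the allowlist.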


Vulnerability classifications

Typical severity


Type index (hex)


Type index (decimal)


Burp Scanner

This issue - and many more like it - can be found using our web vulnerability scanner
