Authorization Bypass


The application is vulnerable to authorization bypass. Because the application performs improper authorization checks, an attacker can circumvent its restrictions to manipulate workflows, business logic, and other checks and perform unauthorized functions.

Impact

An attacker can use an authorization bypass vulnerability to undermine the logic of the application. Attackers may be able to subvert limits in the application to gain additional privileges, modify the application front end to gain increased functionality, and alter workflows to achieve unexpected outcomes. Authorization bypass attacks may have a financial or business impact on the organization, depending on which limits or rules can be manipulated.

Risk Rating

Remediation

How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas

References

 
