OWASP Top 10 Application Security Risk
Never overlook this tip while hunting Broken Access Control
A special bug bounty tip for bug hunters and pen-testers
If you already know about the Broken Access Control weakness, skip the explanation and go to the “Issue Observation” section.
What is Broken Access Control?
Broken Access Control is a type of weakness in a software program or application. If the system grants a low-privileged user access to functionality or data they are not authorized for, the system has a Broken Access Control weakness.
Broken access controls are common and tend to be rated as high or critical severity vulnerabilities. The design and management of access controls is a complex and dynamic problem that applies business, organizational, and legal constraints to a technical implementation.
Access controls are subdivided into two categories:
1. Vertical Access Controls
2. Horizontal Access Controls
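To make the two categories concrete, here is an added example (not code from the original post) showing a deny-by-default authorization check that enforces a vertical control (which roles may perform an action) and a horizontal control (which records a user may act on), next to a weak check that only verifies the caller is logged in. The users, roles, order records and function names are constructed for illustration.

```python
# Added example: vertical vs horizontal access control on a constructed
# in-memory "orders" resource. All names, roles and records are assumptions.
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    user_id: int
    role: str  # "admin" or "customer"


# Constructed sample data: order_id -> owner's user_id
ORDERS = {101: 1, 102: 2}

# Vertical access control: which roles may perform each action at all
ROLE_PERMISSIONS = {
    "view_order": {"customer", "admin"},
    "refund_order": {"admin"},
}


def authorize_weak(user, action, order_id):
    """Broken Access Control: only checks that the caller is logged in and
    the order exists, so any customer can view or refund anyone's order."""
    return user is not None and order_id in ORDERS


def authorize(user, action, order_id):
    """Hardened check: deny by default, then apply both control types."""
    if user is None or order_id not in ORDERS:
        return False
    # Vertical control: does the caller's role permit this action?
    if user.role not in ROLE_PERMISSIONS.get(action, set()):
        return False
    # Horizontal control: non-admins may only act on orders they own
    if user.role != "admin" and ORDERS[order_id] != user.user_id:
        return False
    return True
```

When testing, the horizontal case (a customer reaching another customer's order) and the vertical case (a customer invoking an admin-only action) are checked separately, because an application can get one right and the other wrong.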
Issue Observation:
We will assume that the target host name is REDACTED. The figures in this post are for demonstration only and might not be relevant to the REDACTED domain.