Insecure object reference
Description
The system's authorization mechanism does not prevent one user from accessing another user's data by modifying the key value that identifies it.
Impact
Obtain, modify or delete information from other users.
Recommendation
- Validate that unprivileged users can access and modify only their own information.
- Handle the user operations using session objects.
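As an added example that is not part of the original page, the following Python shows the flaw beside the recommended fix: the acting user is taken from the server-side session rather than the request, and the lookup is scoped to that user's own objects. All names, ids and records are constructed for illustration.

```python
# Added example (not from the original page): an insecure direct object
# reference beside the ownership check the recommendation calls for.
# All names and records below are constructed assumptions for illustration.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner_id: int
    amount: float


# Constructed sample data: two users, each owning one invoice.
INVOICES = {
    1001: Invoice(invoice_id=1001, owner_id=1, amount=120.0),
    1002: Invoice(invoice_id=1002, owner_id=2, amount=980.0),
}


class Forbidden(Exception):
    """Raised when the caller is not the owner of the requested object."""


def get_invoice_insecure(invoice_id: int) -> Optional[Invoice]:
    """Vulnerable: trusts the client-supplied key and never checks who owns it."""
    return INVOICES.get(invoice_id)


def get_invoice(session_user_id: int, invoice_id: int) -> Invoice:
    """Hardened: the acting user comes from the server-side session and the
    lookup is restricted to objects that user owns."""
    invoice = INVOICES.get(invoice_id)
    # Same outcome for "missing" and "not yours", so the response does not
    # reveal whether a given key exists for some other user.
    if invoice is None or invoice.owner_id != session_user_id:
        raise Forbidden(f"user {session_user_id} may not access invoice {invoice_id}")
    return invoice


def can_read(session_user_id: int, invoice_id: int) -> bool:
    """True only when the ownership check in get_invoice passes."""
    try:
        get_invoice(session_user_id, invoice_id)
        return True
    except Forbidden:
        return False
```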
Threat
Authenticated user from the Internet.
Expected Remediation Time
⏱️ 60 minutes.
Requirements
176 - Restrict system objects