Description

The system's web services have no authorization control mechanism, or the one in place can be bypassed.

Impact

Obtain confidential information from users.

Recommendation

Validate, through session cookies or tokens, that users trying to access certain information are authenticated.
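
The following is an added example, not code from this entry or from any particular product: it contrasts a service handler with no access control against one that validates a signed token before returning data. The token format, `SECRET_KEY`, `PROFILES` and all function names are assumptions made for the illustration, and the per-user ownership check goes one step beyond the authentication check the recommendation names.

```python
import hashlib
import hmac
import secrets
import time

SECRET_KEY = secrets.token_bytes(32)  # assumption: per-process signing key
PROFILES = {  # constructed sample data
    "alice": {"email": "alice@example.com"},
    "bob": {"email": "bob@example.com"},
}


def _sign(payload: str) -> str:
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(user: str, ttl: int = 900) -> str:
    """Issued after a successful login (the login step is out of scope)."""
    payload = f"{user}:{int(time.time()) + ttl}"
    return f"{payload}:{_sign(payload)}"


def authenticated_user(headers: dict):
    """Return the user named by a valid, unexpired bearer token, else None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    payload, _, sig = token.rpartition(":")
    if scheme != "Bearer" or not payload:
        return None
    # Constant-time comparison of the presented and expected signatures.
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return None
    user, _, expiry = payload.rpartition(":")
    if not expiry.isdigit() or int(expiry) < time.time():
        return None
    return user


def get_profile_unprotected(user_id: str):
    """The weakness described above: data is returned to any caller."""
    return 200, PROFILES.get(user_id)


def get_profile(headers: dict, user_id: str):
    """Hardened handler: authenticate first, then authorize per resource."""
    user = authenticated_user(headers)
    if user is None:
        return 401, None  # no valid session or token presented
    if user != user_id:
        return 403, None  # authenticated, but not the owner of the record
    return 200, PROFILES.get(user_id)
```
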

Threat

Anonymous attacker from the Internet.

Expected Remediation Time

⏱️ 30 minutes.