Description

The system allows bypassing authentication mechanisms and modifying other users information by altering the unique identifiers that distinguish each user.

Impact

Modify information of other users.

Recommendation

- Validate that unprivileged users can only access and modify their own information. - Manage user operations using session objects.

Threat

Authenticated attacker from the Internet.

Expected Remediation Time

⏱️ 60 minutes.

Requirements

Fixes