Description

An unauthorized user can access or manipulate information of other users just by knowing the identifier that differentiates them, since the application does not validate the necessary permissions to access.

Impact

Access or manipulate the victims account information by knowing a victims user ID.

Recommendation

Verify that the user who is trying to access the information has the necessary permissions to access.

Threat

Unauthorized user from local network.

Expected Remediation Time

⏱️ 30 minutes.

Requirements

Fixes