Insecure Direct Object Reference
Variants:
Direct Persistent Session
Also Known As:
Insufficient Authorization, Authorization Bypass Through User-Controlled Key, Resource Injection
Vector Type:
Attack
Relevance:
Generic
Layer:
Application-Level
Platforms:
Any
Target Type:
Application
Affected Mechanisms:
Privilege Validation
Invented In:
01/01/1999
Added In:
09/12/2014
Quick Introduction to the Topic:
Vector Operation Method:
Attackers can gain access to restricted content by manipulating user-controlled resource identifiers originating from the client-side
