Client Controlled Authentication Status Manipulation

Variants:
Direct Session 

Also Known As:
Authentication Bypass via Parameter Tampering

Vector Operation Method:
Attackers can bypass the authentication enforcement mechanism by manipulating client-originating authentication status variables that the application relies on to determine the authentication status