General Information

Authorization Bypass via Forced Browsing

Variants:
Direct 

Also Known As:
Improper Authorization, Privilege Abuse

Vector Type:
Attack

Relevance:
Generic

Layer:
Application-Level

Platforms:
Any

Target Type:
Application

Affected Mechanisms:
Privilege Validation

Invented In:
01/01/1999

Added In:
24/12/2014

Quick Introduction to the Topic:


Vector Operation Method:
Malicious users can bypass authorization enforcement by directly accessing protected resources that require higher privileges than they currently possess.


Direct Variant:

Authorization Bypass via Forced Browsing

Variant Title:
Authorization Bypass via Forced Browsing

Typical Severity:
Major

Learn More: