Broken access control definition
Access control, also known as authorization, is when a web application grants or denies users access to its content and features. It sounds like a simple step in the process of setting up a system, but establishing secure and correct access control requires resources.
Broken access control is a scenario in which an attacker breaks access control and can access, modify, delete or perform actions that the application would not initially allow. Many vulnerabilities can be treated as broken access control, for example, where an ordinary user can access admin-only functions by editing URLs or seeing or modifying the information of other users.
Cases of broken access control
Insecure IDs. Most URLs contain specific IDs, keys, or indexes to identify users, content units, or features. An attacker can guess and modify these IDs to gain access to information that should not be available to third parties. Implementing proper access control in the server is crucial so unauthorized persons cannot access the requested data.
Forced browsing past access control checks. Most websites have authorized access URLs that lie deeper down in the site and should only be accessible to authenticated users. Malicious actors usually find such endpoints using the directory brute-forcing tool through trial and error. This allows attackers to access admin-only pages or paid content that can only be viewed by those who have paid.
File path traversal. It is a website security vulnerability that allows a threat actor to access sensitive files on the application server. It might include operating system files, application code, or data credentials for backend system files. The breach can result in third parties modifying the sensitive data or taking complete control of the application.
Client side caching. Browsers cache website information to reach the endpoint more quickly if the user wants to reaccess the same site. To avoid such threats, developers can use HTML meta tags to prevent browsers from storing sensitive data in their cache.