Broken Access Control (BAC)

Broken Access Control is when an application does not thoroughly restrict user permissions for appropriate access to administrative functionality. The consequences associated to broken access control may include viewing of unauthorized content, modification or deletion of content, or full application takeover. A few examples of common access control vulnerabilities are role based access, poor password management, insecure Id’s, forced browsing past access control checks, path traversal, file permissions, and client side caching.

Related Resources:

[Bugcrowd University] Broken Access Control Testing
[Guide] The Ultimate Guide to Managed Bug Bounty

Spotlight: Web Vulnerabilities
The Biggest Bugs in 2018 and What’s to Come