Broken Access Control (BAC)

Broken Access Control is when an application does not thoroughly restrict user permissions for appropriate access to administrative functionality. The consequences associated to broken access control may include viewing of unauthorized content, modification or deletion of content, or full application takeover. A few examples of common access control vulnerabilities are role based access, poor password management, insecure Id’s, forced browsing past access control checks, path traversal, file permissions, and client side caching.