Skip to content
/ authorization-bypass Public

A threat actor may access the user's account using a stolen or leaked valid (existing) session identifier

License

AGPL-3.0 license
2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

qeeqbox/authorization-bypass

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
authorization-bypass.drawio
authorization-bypass.drawio
 
 
authorization-bypass.png
authorization-bypass.png
 
 

Repository files navigation

A threat actor may perform unauthorized functions by bypassing or abusing the target authorization mechanism

Example #1

  1. Developer forgets to remove an in-house debugging mechanism associated with user-agent
  2. A threat actor finds out changing the user-agent header to debug grants different or higher privileges

Impact

Vary

Risk

  • read & modify data
  • execute commands

Redemption

  • validate access control

ID

91f9b046-b802-425a-b71b-64c21c6b1c0f

References

About

A threat actor may access the user's account using a stolen or leaked valid (existing) session identifier

Topics

metadata example authorization vulnerability bypass qeeqbox infosecsimplified

Resources

Readme

License

AGPL-3.0 license

Code of conduct

Code of conduct
Activity
Custom properties

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Sponsor this project

 
Learn more about GitHub Sponsors