Improper Authorization
Overview
Improper authorization allows authenticated users to access functions or data outside their privileges.
Impact
It can expose sensitive data or allow unauthorized modification.
Countermeasures
Enforce authorization on the server for every request, check object ownership, and deny by default.
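The three countermeasures combined in one server-side check, as an added example that is not part of the original page. The `User`, `Document`, `POLICY` and `handle_request` names, the action strings and the in-memory store are all hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    id: int
    roles: frozenset = frozenset()

@dataclass(frozen=True)
class Document:
    id: int
    owner_id: int

def is_owner(user, doc):
    # Object-level check: the record must belong to the caller.
    return doc is not None and doc.owner_id == user.id

def is_admin(user, doc):
    return "admin" in user.roles

# Explicit allow rules per action (hypothetical). Anything not listed is denied.
POLICY = {
    "document:read": (is_owner, is_admin),
    "document:update": (is_owner,),
    "document:delete": (is_admin,),
}

def is_authorized(user, action, resource=None):
    """Deny by default: True only when an explicit rule matches."""
    if user is None:                 # unauthenticated caller
        return False
    rules = POLICY.get(action, ())   # unknown action -> no rules -> deny
    return any(rule(user, resource) for rule in rules)

# Constructed sample data standing in for a database.
DOCUMENTS = {1: Document(1, owner_id=10), 2: Document(2, owner_id=20)}

def handle_request(user, action, doc_id):
    """Runs on the server for every request, before any data is returned.

    The identifier comes from the client and is never trusted on its own;
    the stored owner_id decides access. Side effects are omitted here.
    """
    doc = DOCUMENTS.get(doc_id)
    if not is_authorized(user, action, doc):
        return 403, None
    if doc is None:
        return 404, None
    return 200, doc
```
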