Authorization vulnerabilities occur when a system fails to properly verify that a user has the necessary permissions to access a resource or perform an action.
Authorization Vulnerabilities Overview
Missing Function Level Authorization
Insecure Direct Object References (IDOR)
Broken Object Level Authorization
Privilege Escalation
Missing Authorization Headers
Improper Access Control
JWT Without Signature Verification
Relying on Client-Side Authorization
Insufficient Authorization Granularity
Hardcoded Roles or Permissions
Missing Re-Authentication for Sensitive Operations
Insecure Authorization Decisions
Lack of Context-Aware Authorization
Failure to Validate Authorization on Each Request