VAPT: IDOR Vulnerability - Insecure Direct Object Reference Detection


    • Type: Task
    • Resolution: Unresolved
    • Priority: Highest
    • 3.1.0
    • Affects Version/s: None

      Identified a potential Insecure Direct Object Reference (IDOR) vulnerability in the application.

      http://uatamrit.piramalswasthya.org:8080/104ui-v1.0/user/getRoleScreenMappingByProviderID?apikey=undefined 

      User Role: User

      Mapping with Checklist: OWASP Authorization Testing 

      Expected Behavior:

      • The application should verify that the logged-in user is authorized to access the requested resource.
      • Unauthorized users should not be able to access or modify objects they don’t own.

            Assignee:
            Thumu Gayathri
            Reporter:
            Shashank Kharkwal
            Votes:
            0
            Watchers:
            2
