
Broken Access Control

Broken access control happens when authorization rules are missing, inconsistent, or improperly enforced across application features, APIs, objects, or workflows. It can lead to insecure direct object references (IDOR), privilege abuse, unauthorized data access, account manipulation, or misuse of administrative actions. In bug bounty programs, broken access control is one of the most important vulnerability categories because it directly impacts confidentiality, integrity, and business trust.

User Requests Restricted Resource → Access Rule Fails → Data or Action Exposed → Business Risk Created → Role Controls Applied
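To make the flow above concrete, here is an added example (not code from the original page) of the object-level check that is missing in an IDOR: a handler that looks a record up by ID without an ownership check, beside a hardened version that routes every read, update and delete through one deny-by-default policy function. The `User`, `Record` and `RECORDS` names are constructed for the example.

```python
# Added example: minimal object-level authorization for a web API.
# Shows an IDOR-prone handler next to a hardened one that applies a single,
# deny-by-default policy consistently across read/update/delete.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class User:
    id: int
    roles: frozenset = frozenset()

@dataclass
class Record:
    id: int
    owner_id: int
    body: str

# Constructed sample data standing in for a database table.
RECORDS = {
    1: Record(1, owner_id=100, body="alice's invoice"),
    2: Record(2, owner_id=200, body="bob's invoice"),
}

def get_record_insecure(user: User, record_id: int) -> Optional[Record]:
    """IDOR: the caller is authenticated, but nothing checks that `user`
    is allowed to see this particular record."""
    return RECORDS.get(record_id)

def is_allowed(user: User, action: str, record: Record) -> bool:
    """Central policy, deny by default: owners may read/update their own
    records; admins may also delete. Every handler calls this, so the rule
    cannot drift between features."""
    if "admin" in user.roles:
        return action in {"read", "update", "delete"}
    if record.owner_id == user.id:
        return action in {"read", "update"}
    return False

def get_record(user: User, record_id: int) -> Optional[Record]:
    """Hardened: load the object, then authorize against the loaded object.
    Missing and forbidden both return None so responses do not reveal
    which IDs exist."""
    record = RECORDS.get(record_id)
    if record is None or not is_allowed(user, "read", record):
        return None
    return record

def delete_record(user: User, record_id: int) -> bool:
    """Same policy function guards the administrative action."""
    record = RECORDS.get(record_id)
    if record is None or not is_allowed(user, "delete", record):
        return False
    del RECORDS[record_id]
    return True
```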
