Missing Function-Level Access Control
This vulnerability allows an attacker to gain elevated privileges and reach sensitive functional modules within the application. It is usually caused by a missing or incorrect authorization check in the code, or by improper access-control configuration on the server side.
Consider an example of two portals within an application:
http://example.com/app/getappInfo - provides general, user-specific information about the application
http://example.com/app/admin_getappInfo - provides application-wide information and admin capabilities, such as adding or deleting sensitive configuration records
Let’s assume these two portals require different sensitivity levels for an authorized user. Now:
If an unauthenticated user can access either page, that’s a flaw.
If an authenticated non-admin user is allowed to access the “admin_getappInfo” page, this is also a flaw, and it may lead the attacker to further improperly protected admin pages.
Prevention Measures
Deny access to all sensitive pages and functions by default.
Consider role-based security to define clear boundaries for user access and re-check user roles every time before allowing access to sensitive functions, data, files, URLs, and services.
Centralize authorization functions and policy management.
Always make authorization decisions on the server side.
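The prevention measures above, as an added example that is not part of the original article: a framework-free, server-side dispatcher that denies by default and checks the user's role from a central policy on every request, shown beside the flawed version that only relies on the admin URL being unlisted. The route names, roles and the Request type are constructed for illustration.

```python
# Added example (not from the original page): deny-by-default, server-side
# function-level authorization. Routes, roles and Request are constructed.
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class Request:
    path: str
    user: Optional[dict]  # None = unauthenticated; else {"id": ..., "roles": {...}}

# Central policy: every sensitive route is listed with the roles allowed to call it.
# A route missing from this table is denied, never silently allowed.
POLICY = {
    "/app/getappInfo": {"user", "admin"},
    "/app/admin_getappInfo": {"admin"},
}

def handlers():
    return {
        "/app/getappInfo": lambda req: ("200", "general app info"),
        "/app/admin_getappInfo": lambda req: ("200", "admin config records"),
    }

def vulnerable_dispatch(req: Request) -> Tuple[str, str]:
    """Flawed: assumes hiding the admin link in the UI is enough, so anyone
    who knows or guesses the URL reaches the admin function."""
    h = handlers().get(req.path)
    return h(req) if h else ("404", "not found")

def authorize(req: Request) -> Optional[str]:
    """Return an HTTP error status, or None if access is allowed. Evaluated on
    every request; roles come from the server-side session, not the client."""
    if req.user is None:
        return "401"                      # unauthenticated: no sensitive page at all
    allowed = POLICY.get(req.path)
    if allowed is None:
        return "403"                      # unlisted route: deny by default
    if not (set(req.user["roles"]) & allowed):
        return "403"                      # authenticated but wrong role
    return None

def secure_dispatch(req: Request) -> Tuple[str, str]:
    err = authorize(req)
    if err:
        return (err, "denied")
    h = handlers().get(req.path)
    return h(req) if h else ("404", "not found")
```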