Broken Object Level Authorization
Broken Object Level Authorization (BOLA) is a vulnerability that lets an attacker access resources they are not authorized for by manipulating the key values (object identifiers) an API uses to look up objects. It is also known as Insecure Direct Object Reference (IDOR).
Remediation: use non-sequential identifiers.
Parameters:
- threshold_res : rate of successful responses to an enumerated argument above which an alert is raised.
- threshold_enum : rate of iterable values of a field above which the field is considered iterable.
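The following is an added illustration, not Escape's code or API: a lookup handler exposed to BOLA beside a hardened version that ties the ownership check to the lookup and stores objects under random UUIDv4 identifiers, plus a small helper that computes the fraction of candidate identifiers a caller can read, which is the quantity a threshold_res-style check compares against its threshold. The names (Invoice, INVOICES, get_invoice_vulnerable, get_invoice_fixed, success_rate) and the in-memory store are constructed for this example.

```python
"""Added example: a BOLA/IDOR-prone object lookup beside its hardened form.

Names (Invoice, INVOICES, get_invoice_vulnerable, get_invoice_fixed,
success_rate) and the in-memory store are constructed for this
illustration; they are not Escape's code or API.
"""
import uuid
from dataclasses import dataclass


class NotFound(Exception):
    """Raised when the object does not exist or is not visible to the caller."""


@dataclass(frozen=True)
class Invoice:
    id: str
    owner_id: str
    amount_cents: int


# Constructed in-memory store standing in for a database table.
INVOICES: dict[str, Invoice] = {}


def create_invoice(owner_id: str, amount_cents: int) -> Invoice:
    """Persist an invoice keyed by a random UUIDv4 (non-sequential, 122 random
    bits), so identifiers cannot simply be counted upwards."""
    inv = Invoice(id=str(uuid.uuid4()), owner_id=owner_id, amount_cents=amount_cents)
    INVOICES[inv.id] = inv
    return inv


def get_invoice_vulnerable(current_user: str, invoice_id: str) -> Invoice:
    """BOLA: the object is looked up by the caller-supplied id only; whoever
    knows (or guesses) an id receives the object regardless of ownership."""
    inv = INVOICES.get(invoice_id)
    if inv is None:
        raise NotFound(invoice_id)
    return inv


def get_invoice_fixed(current_user: str, invoice_id: str) -> Invoice:
    """Hardened: the ownership check is part of the lookup itself, and a
    foreign object is indistinguishable from a missing one, so the response
    does not confirm that the id exists."""
    inv = INVOICES.get(invoice_id)
    if inv is None or inv.owner_id != current_user:
        raise NotFound(invoice_id)
    return inv


def can_read(handler, current_user: str, invoice_id: str) -> bool:
    """True if the handler returns the object to this caller."""
    try:
        handler(current_user, invoice_id)
        return True
    except NotFound:
        return False


def success_rate(handler, current_user: str, candidate_ids) -> float:
    """Fraction of candidate ids the caller can read through the handler.
    This is the quantity a threshold_res-style check compares against its
    threshold; with the fixed handler it is bounded by the caller's own
    share of the objects."""
    ids = list(candidate_ids)
    hits = sum(can_read(handler, current_user, i) for i in ids)
    return hits / len(ids) if ids else 0.0


if __name__ == "__main__":
    a = create_invoice("alice", 1200)
    b = create_invoice("bob", 4500)
    for h in (get_invoice_vulnerable, get_invoice_fixed):
        print(h.__name__, "alice reads bob's invoice:", can_read(h, "alice", b.id))
        print(h.__name__, "alice success rate:", success_rate(h, "alice", [a.id, b.id]))
```

Random identifiers raise the cost of guessing an id, but they are a defence in depth only: the fix that actually closes the vulnerability is the ownership check in get_invoice_fixed, and returning the same not-found response for foreign and missing objects keeps the endpoint from confirming which identifiers exist.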
- Escape Severity: MEDIUM
- OWASP: API1:2023
- PCI DSS: 6.5.8
- WASC: WASC-11
- CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
- CVSS score: 5.1