C-sharp : Improper access control

The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor. The principe of minimum privileges implies that a user, a program or a process must by default have as few access privileges as possible or only those required. In Improper Access Control cases this principal is violated on.

Access control involves the use of several protection mechanisms such as: - Authentication (proving the identity of an actor) - Authorization (ensuring that a given actor can access a resource), and - Accountability (tracking of activities that were performed)

When any mechanism is not applied or otherwise fails, attackers can compromise the security of the software by gaining privileges, reading sensitive information, executing commands, evading detection, etc.