Home / Vulnerability Database / C-sharp : Mass assignment

C-sharp : Mass assignment

Classification

OWASP Top 10 2013

A4-Insecure Direct Object References

OWASP Top 10 2017

A5-Broken Access Control

OWASP Top 10 2021

A1-Broken Access Control

OWASP ASVS

Validation, Sanitization and Encoding

PCI DSS 4.0

6.2.4

HIPAA

§164.312 (e)(1)

CWE

CWE-1030

Overview

Mass assignment is used.

Some frameworks allow developers to automatically bind HTTP request parameters into program code variables or objects. It may lead to leakage of sensitive data. An attacker can use autobinding to modify data that the user should not normally be allowed to access such as passwords or access rights.

References

TryUpdateModel Security Note - msdn.microsoft.com
Mass Assignment Cheat Sheet
OWASP Top 10 2017-A5-Broken Access Control
CWE-1030

MEDIUM

C-sharp : Mass assignment

Classification

Overview

References

DerScanner Severity Score

Do you want to fix C-sharp : Mass assignment in your application?

See also

C-sharp : JWT: None Algorithm

C-sharp : Insecure data transmission: Database

C-sharp : Only one of method Equals() and GetHashCode() defined