Kotlin : Insecure direct object references

Classification

OWASP ASVS

Access Control Access Control Access Control Access Control Access Control

CWE

CWE-639

Overview

Insecure Direct Object Reference is an access control problem which allows an attacker to view data by manipulating an identifier (for example, a document or account number).

Direct object references are maps of an identifier to a resource; they are insecure direct object references if they allow an unauthorized user to access data.

References

Insecure Direct Object Reference
CWE-639: Authorization Bypass Through User-Controlled Key
What are insecure direct object references (IDOR)?

MEDIUM

Kotlin : Insecure direct object references

Classification

Overview

References

DerScanner Severity Score

Do you want to fix Kotlin : Insecure direct object references in your application?

See also

Kotlin : Missing required cryptographic step

Kotlin : Logging into system output

Kotlin : Call of notify() in synchronized block