Ruby : Insecure direct object references

Classification

OWASP ASVS

Access Control Access Control Access Control Access Control Access Control

CWE

CWE-639

Overview

Insecure Direct Object Reference is an access control problem which allows an attacker to view data by manipulating an identifier (for example, a document or account number).

Direct object references are maps of an identifier to a resource; they are insecure direct object references if they allow an unauthorized user to access data.

References

Insecure Direct Object Reference
CWE-639: Authorization Bypass Through User-Controlled Key
What are insecure direct object references (IDOR)?

MEDIUM

Ruby : Insecure direct object references

Classification

Overview

References

DerScanner Severity Score

Do you want to fix Ruby : Insecure direct object references in your application?

See also

Ruby : Weak hashing algorithm

Ruby : Empty encryption key

Ruby : Hardcoded sensitive data