Scala : Insecure direct object references

Classification

OWASP ASVS

Access Control Access Control Access Control Access Control Access Control

CWE

CWE-639

Overview

Insecure Direct Object Reference is an access control problem which allows an attacker to view data by manipulating an identifier (for example, a document or account number).

Direct object references are maps of an identifier to a resource; they are insecure direct object references if they allow an unauthorized user to access data.

References

Insecure Direct Object Reference
CWE-639: Authorization Bypass Through User-Controlled Key
What are insecure direct object references (IDOR)?

MEDIUM

Scala : Insecure direct object references

Classification

Overview

References

DerScanner Severity Score

Do you want to fix Scala : Insecure direct object references in your application?

See also

Scala : Unreleased resource stream

Scala : Multiple loggers in same class

Scala : Insufficient encryption key length