qeeqbox / authorization-bypass

A threat actor may access the user's account using a stolen or leaked valid (existing) session identifier

authorization bypass example metadata infosecsimplified qeeqbox vulnerability

A threat actor may perform unauthorized functions by bypassing or abusing the target authorization mechanism

Example #1

Developer forgets to remove an in-house debugging mechanism associated with user-agent
A threat actor finds out changing the user-agent header to debug grants different or higher privileges

Impact

Vary

Risk

read & modify data
execute commands

Redemption

validate access control

ID

91f9b046-b802-425a-b71b-64c21c6b1c0f

References

[mitre](https://cwe.mitre.org/data/definitions/639.html

About

A threat actor may access the user's account using a stolen or leaked valid (existing) session identifier

authorization bypass example metadata infosecsimplified qeeqbox vulnerability

GNU Affero General Public License v3.0