Description
Vertical Broken Function Level Authorization (BFLA) is a security vulnerability that occurs when an application fails to properly restrict access to sensitive functions or resources based on the user's authorization level, so that a lower-privileged user can invoke functionality intended for a higher-privileged role. This can allow attackers to perform unauthorized actions or access restricted data by manipulating requests to bypass access controls.
Remediation
Implement proper authorization checks for every access to a resource or function:
1. Implement consistent and thorough access control checks for all sensitive functions and resources.
2. Use role-based access control (RBAC) or attribute-based access control (ABAC) systems.
3. Implement the principle of least privilege, granting users only the minimum necessary permissions.
4. Centralize authorization logic to reduce the risk of inconsistent implementations.
5. Conduct regular security audits and penetration testing to identify and address any BFLA vulnerabilities.
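As an added illustration (not code from the original page), the following Python sketch contrasts a privileged handler that has no role check against the same handler placed behind a centralized check, with the caller's role taken from a server-side record rather than from the request. All names here (USERS, ROLE_RANK, require_role, delete_user_*) are constructed for the example.

```python
from functools import wraps

# Constructed user store; in a real application this is the server-side
# session/account record, never a value supplied by the client.
USERS = {"alice": {"role": "admin"}, "bob": {"role": "user"}, "carol": {"role": "user"}}
ROLE_RANK = {"user": 1, "support": 2, "admin": 3}


def require_role(minimum):
    """Centralized authorization check applied to every privileged function."""
    def decorator(fn):
        @wraps(fn)
        def wrapper(session, *args, **kwargs):
            caller = USERS.get(session.get("user"))
            if caller is None or ROLE_RANK[caller["role"]] < ROLE_RANK[minimum]:
                return {"status": 403, "error": "forbidden"}
            return fn(session, *args, **kwargs)
        return wrapper
    return decorator


# Vulnerable: the handler is only "hidden" behind an admin-only URL; nothing
# verifies the caller's role, so any authenticated user can reach it (vertical BFLA).
def delete_user_vulnerable(session, username):
    USERS.pop(username, None)
    return {"status": 200, "deleted": username}


# Fixed: the same handler behind the centralized check.
@require_role("admin")
def delete_user_fixed(session, username):
    USERS.pop(username, None)
    return {"status": 200, "deleted": username}


def demo():
    """A regular user tries the admin-only action on both variants; an admin then succeeds."""
    bob = {"user": "bob"}                                              # authenticated regular user
    vulnerable = delete_user_vulnerable(bob, "carol")["status"]        # 200: action went through
    fixed = delete_user_fixed(bob, "alice")["status"]                  # 403: blocked by the check
    admin = delete_user_fixed({"user": "alice"}, "bob")["status"]      # 200: legitimate admin
    return vulnerable, fixed, admin


if __name__ == "__main__":
    print(demo())  # (200, 403, 200)
```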
Related Vulnerabilities
Dolibarr Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2021-3991)
Magento Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-7925)
WordPress Plugin WPQA-Builder forms Addon For WordPress Insecure Direct Object Reference (5.9.2)
Grafana Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2024-10452)