
Thursday, June 26, 2014

A4 Insecure Direct Object References

Sometimes a developer exposes a reference to an internal implementation object, such as a file, directory, or database key, directly in a URL or form parameter. Without an access control check on the server side, attackers can manipulate these references to access data they are not authorized to see.
Impact on Security:
  1. Attack on Confidentiality

Detectability  : Easy
Exploitability : Easy
Impact         : Moderate
How to Prevent:
  1. Use per-user or per-session indirect object references. (The principle is simple: on the server side, for each direct reference, generate another identifier and use this identifier in your web page instead of the direct reference. The generated identifier can be a random value, a hash value, or a numeric sequence. On the server side, keep a mapping table that translates each indirect reference back to the direct one, so a client can only name objects the server deliberately exposed to it.)
  2. Check access. (Each use of a direct object reference from an untrusted source must include an access control check to ensure the user is authorized for the requested object. Return the same error for "does not exist" and "not yours" so the check does not reveal which keys are valid.)
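The following is an added example, not code from the original post, showing both preventions side by side with the vulnerable direct lookup they replace. The document store, user names and document ids are constructed sample data; `SessionReferenceMap` is a hypothetical per-session mapping table built with random tokens from Python's `secrets` module.

```python
import secrets

# Constructed sample data: database keys mapped to an owner and a body.
DOCUMENTS = {
    101: {"owner": "alice", "body": "alice's invoice"},
    102: {"owner": "bob", "body": "bob's invoice"},
}


class AccessDenied(Exception):
    """Raised for both 'unknown object' and 'not authorized' (no existence leak)."""


# --- Vulnerable pattern: the raw database key is trusted as-is ---
def get_document_insecure(doc_id):
    """Any caller who guesses a key gets the document (the IDOR flaw)."""
    return DOCUMENTS[doc_id]["body"]


# --- Prevention 2: access check on every direct reference ---
def get_document_checked(user, doc_id):
    doc = DOCUMENTS.get(doc_id)
    if doc is None or doc["owner"] != user:
        raise AccessDenied("no such document")
    return doc["body"]


# --- Prevention 1: per-session indirect references ---
class SessionReferenceMap:
    """Hypothetical mapping table living in the user's server-side session.

    Pages render random tokens instead of database keys; a token resolves
    only if this session exposed it, so other users' keys cannot be named.
    """

    def __init__(self):
        self._to_direct = {}
        self._to_indirect = {}

    def expose(self, direct_id):
        # Reuse the token if this object was already exposed to the session.
        if direct_id in self._to_indirect:
            return self._to_indirect[direct_id]
        token = secrets.token_urlsafe(16)  # unguessable, per-session value
        self._to_direct[token] = direct_id
        self._to_indirect[direct_id] = token
        return token

    def resolve(self, token):
        if token not in self._to_direct:
            raise AccessDenied("unknown reference")
        return self._to_direct[token]


def list_documents(user, session_map):
    """Build the listing a page would render: token -> body, owner's docs only."""
    return {
        session_map.expose(doc_id): doc["body"]
        for doc_id, doc in DOCUMENTS.items()
        if doc["owner"] == user
    }


def get_document_indirect(user, session_map, token):
    """Resolve the indirect reference, then still enforce the access check."""
    doc_id = session_map.resolve(token)
    return get_document_checked(user, doc_id)


def is_denied(func, *args):
    """Helper: True if the call raises AccessDenied, False if it returns."""
    try:
        func(*args)
    except AccessDenied:
        return True
    return False


if __name__ == "__main__":
    session = SessionReferenceMap()
    for token, body in list_documents("alice", session).items():
        print(token, "->", get_document_indirect("alice", session, token))
    print("raw key 102 as alice denied:", is_denied(get_document_checked, "alice", 102))
```

Keeping the access check inside `get_document_indirect` is deliberate: the indirect map stops a client from naming foreign keys, and the ownership check catches any path (an old bookmark, a shared token, a bug in the map) that bypasses it.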