CISA warns of breach risks from IDOR web app vulnerabilities
2023-07-28 16:10

CISA warned today of the significant breach risks linked to insecure direct object reference vulnerabilities impacting web applications in a joint advisory with the Australian Cyber Security Centre and U.S. National Security Agency.

IDOR vulnerabilities are flaws in web apps that enable attackers to access and manipulate sensitive data by directly referencing internal objects or resources.

IDOR vulnerabilities are considered significant security risks because missing or inadequate input validation and authorization checks let threat actors access resources they are not authorized to use, which can lead to unauthorized access and data breaches.
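The flaw described above in a minimal form, as an added illustration that is not part of the advisory or the article: a handler that trusts the object id from the request next to one that verifies ownership and records denied lookups so tampering can be alerted on. The invoice table, account names and function names are constructed for the example.

```python
from typing import Optional

# Constructed sample data: invoices keyed by id, each owned by one account.
INVOICES = {
    1001: {"owner": "alice", "amount": 120.00},
    1002: {"owner": "bob", "amount": 980.50},
}

# Denied lookups are collected here; a real app would log and alert on them.
DENIED_ATTEMPTS = []


def get_invoice_vulnerable(current_user: str, invoice_id: int) -> Optional[dict]:
    """IDOR: the id taken from the request selects the object directly.
    Any authenticated user who supplies 1002 reads Bob's invoice."""
    return INVOICES.get(invoice_id)


def get_invoice(current_user: str, invoice_id: int) -> Optional[dict]:
    """Hardened: the lookup is scoped to the requesting user's own objects,
    so an id belonging to someone else resolves to 'not found'."""
    invoice = INVOICES.get(invoice_id)
    if invoice is not None and invoice["owner"] == current_user:
        return invoice
    if invoice is not None:
        # Record the cross-account reference so enumeration is visible.
        DENIED_ATTEMPTS.append({"user": current_user, "invoice_id": invoice_id})
    # Same response for 'missing' and 'not yours' avoids confirming that
    # an object exists to a caller who is not allowed to see it.
    return None
```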

The ACSC, CISA, and NSA warned vendors, designers, developers, and organizations that use web applications to protect their systems against IDOR vulnerabilities.

"These vulnerabilities are frequently exploited by malicious actors in data breach incidents and have resulted in the compromise of personal, financial, and health information of millions of users and consumers," the three agencies said.

End-user organizations should choose web apps that show commitment to secure-by-design and -default principles, apply software patches for web apps as soon as possible, configure apps to log and alert on tampering attempts, and conduct regular penetration testing and vulnerability scanning to ensure their web apps are secure.


News URL

https://www.bleepingcomputer.com/news/security/cisa-warns-of-breach-risks-from-idor-web-app-vulnerabilities/