The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) are releasing a joint Cybersecurity Advisory (CSA), Preventing Web Application Access Control Abuse, to warn vendors, designers, developers, and end-user organizations of web applications about insecure direct object reference (IDOR) vulnerabilities. These vulnerabilities are frequently exploited by malicious actors in data breach incidents and have resulted in the compromise of personal, financial, and health information of millions of users and consumers.
ACSC, CISA, and NSA strongly encourage vendors, designers, developers, and end-user organizations to review the CSA, Preventing Web Application Access Control Abuse, for best practices, recommendations, and mitigations to reduce the prevalence of IDOR vulnerabilities and ensure web applications are secure-by-design and -default.
To report or share information on incidents and unusual activity, contact CISA at report to CISA or our 24/7 Operations Center at report@cisa.gov or (888) 282-0870.
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on…
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on…
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2019-19006 Sangoma FreePBX Improper…
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on…
CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
This website uses cookies.