The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) are releasing a joint Cybersecurity Advisory (CSA), Preventing Web Application Access Control Abuse, to warn vendors, designers, developers, and end-user organizations of web applications about insecure direct object reference (IDOR) vulnerabilities. These vulnerabilities are frequently exploited by malicious actors in data breach incidents and have resulted in the compromise of personal, financial, and health information of millions of users and consumers.
ACSC, CISA, and NSA strongly encourage vendors, designers, developers, and end-user organizations to review the CSA, Preventing Web Application Access Control Abuse, for best practices, recommendations, and mitigations to reduce the prevalence of IDOR vulnerabilities and ensure web applications are secure-by-design and -default.
To report or share information on incidents and unusual activity, contact CISA at report to CISA or our 24/7 Operations Center at report@cisa.gov or (888) 282-0870.
Systems Affected Any system running Microsoft Windows (Windows 95 and newer) that are used…
Systems Affected Microsoft Windows systems running Internet Explorer 5.01 Internet Explorer 5.50 Internet Explorer…
Systems Affected Check Point Firewall-1 NG FCS Check Point Firewall-1 NG FP1 Check Point…
Systems Affected Systems running Microsoft Windows Overview Microsoft Windows contains multiple vulnerabilities,…
Systems Affected Systems running Microsoft Office XP and Outlook 2002 Overview There…
Systems Affected Applications and systems that use the OpenSSL SSL/TLS library Overview …
This website uses cookies.