Hacker News new | ask | show | jobs
by kungpoo 4136 days ago
How is this a security flaw?
1 comments
xtrumanx 4136 days ago
This is seems to be a case of "Missing Function Level Access Control"[0] as defined by the Open Web Application Security Project (OWASP).

I highly suggest browsing OWASP's Top 10[1] if you are a software developer and believe this is not a security vulnerability.

[0] https://www.owasp.org/index.php/Top_10_2013-A7-Missing_Funct...

[1] https://www.owasp.org/index.php/Top_10_2013-Top_10

link