Missing Authorization
| Property | |
|---|---|
| Language | csharp |
| Severity | |
| CWE | CWE-862: Missing Authorization |
| OWASP | A01:2021 - Broken Access Control |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
This code exposes controller classes without any authorization checks, allowing anyone to access their endpoints regardless of authentication or user role. Access control should be enforced unless anonymous access is explicitly intended.
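The pattern described above, next to a corrected version, as an added example that is not part of the original rule page. It assumes ASP.NET Core with JWT bearer authentication; the class names, routes, and the `Admin` role are hypothetical.

```csharp
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddControllers();
// Assumption: JWT bearer scheme (Microsoft.AspNetCore.Authentication.JwtBearer package).
builder.Services.AddAuthentication("Bearer").AddJwtBearer();
// Fail closed: endpoints with no authorization metadata require an authenticated user.
builder.Services.AddAuthorization(options =>
    options.FallbackPolicy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build());

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.Run();

// Flagged pattern: no [Authorize] on the class or its actions. Without the
// fallback policy above, both actions are reachable by anonymous callers.
[ApiController]
[Route("api/unprotected/invoices")]
public class UnprotectedInvoicesController : ControllerBase
{
    [HttpGet("{id:int}")]
    public IActionResult Get(int id) => Ok(new { id });
    [HttpDelete("{id:int}")]
    public IActionResult Delete(int id) => NoContent();
}

// Corrected: authorization declared on the class, tightened per action,
// and anonymous access opted into explicitly where it is intended.
[ApiController]
[Route("api/invoices")]
[Authorize]
public class InvoicesController : ControllerBase
{
    [HttpGet("{id:int}")]
    public IActionResult Get(int id) => Ok(new { id });

    [HttpDelete("{id:int}")]
    [Authorize(Roles = "Admin")] // hypothetical role name
    public IActionResult Delete(int id) => NoContent();

    [HttpGet("health")]
    [AllowAnonymous] // anonymous access is intended here and stated explicitly
    public IActionResult Health() => Ok("ok");
}
```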
Impact
Without proper authorization, attackers or unauthorized users could access sensitive functionality or data, perform actions reserved for authenticated users, and potentially compromise the security of the application. This can lead to data breaches, privilege escalation, and loss of control over protected resources.