# Incorrect Authorization (CWE-863)

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

- Prevalence: High
- Impact: High (OWASP Top 10 #1)
- Prevention: see MITRE external references

**OWASP:** Broken Access Control (A01:2021-Broken Access Control) - #1

## Description

Even when authorization checks exist, an incorrect implementation can still allow unauthorized access. This includes using the wrong comparison logic, checking the wrong attributes, or enforcing the check inconsistently.

## Prevention

## Consequences

- Read application data
- Modify application data
- Gain privileges

## Mitigations

- Use a centralized authorization mechanism
- Thoroughly test authorization logic with different user roles
- Enforce authorization checks consistently on all resources
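The following is an added example (not code from MITRE, OWASP, or any project the page references) showing two of the failure modes named above beside a corrected design: one endpoint checks the wrong attribute (a caller-supplied owner id instead of the authenticated user), a second endpoint enforces no check at all, and the fixed version routes every action through one policy function and exercises it across roles. The `User` and `Document` types, the `DOCS` sample data, and the action names are constructed for illustration.

```python
"""CWE-863 illustration: incorrect authorization checks beside a centralized,
consistently enforced policy. All types and sample data are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    user_id: int
    role: str  # "user" or "admin" (assumed role names)


@dataclass(frozen=True)
class Document:
    doc_id: int
    owner_id: int
    body: str


class Forbidden(Exception):
    """Raised when the policy denies an action."""


# Constructed sample data: alice (100) owns doc 1, bob (200) owns doc 2.
DOCS = {
    1: Document(doc_id=1, owner_id=100, body="alice's notes"),
    2: Document(doc_id=2, owner_id=200, body="bob's notes"),
}


# --- Incorrect authorization (the weakness) ---------------------------------

def read_document_vulnerable(current_user, docs, doc_id, claimed_owner_id):
    """Checks the WRONG attribute: the decision is made on a value the caller
    supplies (claimed_owner_id) rather than on the authenticated current_user,
    so the check passes for anyone who sends the owner's id."""
    doc = docs[doc_id]
    if claimed_owner_id != doc.owner_id:  # current_user is never consulted
        raise Forbidden()
    return doc.body


def delete_document_vulnerable(current_user, docs, doc_id):
    """Inconsistent enforcement: reads are checked, deletes are not."""
    del docs[doc_id]


# --- Correct, centralized authorization --------------------------------------

def is_authorized(user, action, doc):
    """Single policy function every resource access must go through.
    It uses only the authenticated principal, never request-supplied claims,
    and denies by default for actions it does not know."""
    if user.role == "admin":
        return True
    if action in ("read", "delete"):
        return user.user_id == doc.owner_id
    return False


def read_document(user, docs, doc_id):
    doc = docs[doc_id]
    if not is_authorized(user, "read", doc):
        raise Forbidden()
    return doc.body


def delete_document(user, docs, doc_id):
    doc = docs[doc_id]
    if not is_authorized(user, "delete", doc):  # same policy, same check
        raise Forbidden()
    del docs[doc_id]


def authorization_matrix(docs):
    """Exercise the policy with several roles (the page's 'test with different
    user roles' mitigation). Returns {(user_id, action, doc_id): allowed}."""
    users = [User(100, "user"), User(200, "user"), User(1, "admin")]
    return {
        (u.user_id, action, d.doc_id): is_authorized(u, action, d)
        for u in users
        for d in docs.values()
        for action in ("read", "delete")
    }


if __name__ == "__main__":
    bob = User(200, "user")
    # Vulnerable: bob reads alice's document by supplying her owner id.
    print(read_document_vulnerable(bob, dict(DOCS), 1, claimed_owner_id=100))
    # Fixed: the same request is denied.
    try:
        read_document(bob, dict(DOCS), 1)
    except Forbidden:
        print("read denied for non-owner")
    for key, allowed in sorted(authorization_matrix(DOCS).items()):
        print(key, "allowed" if allowed else "denied")
```

The matrix output is the kind of artifact worth keeping in a test suite: any row that flips between releases is an authorization regression, which is exactly what "inconsistent enforcement" looks like in practice.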