Insecure Direct Object Reference (IDOR) — Accessing Unauthorized Resources via Predictable Identifiers
Insecure Direct Object Reference (IDOR) is an access control vulnerability where an application exposes internal object references without proper authorization checks. This SECMONS glossary entry explains how IDOR works, real-world impact, and how defenders should prevent and detect it.