Broken Object Level Authorization (BOLA)
Object Level Authorization is the check that a user has the right to access, or to perform an action on, one specific object. For example, a user may have permission to update their own profile, but not anyone else's.
Such checks are often overlooked because they sit deep in the application: by the time the request reaches the handler, the user has been authenticated and channeled there with everything the handler needs (typically the object's id in the URL or body), so it is tempting to trust that id and simply fetch the object.
BOLA is usually detected by manipulating object ids: take a request that works for an object you own, substitute the id of an object belonging to another user, and see whether the server still returns or modifies it.
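To make the mechanism concrete, here is an added example (not code from the original page or from any referenced project) of a minimal in-memory profile API with a BOLA-vulnerable read handler next to a hardened one, plus the id-swapping probe described above. The users, profile ids, and handler names are constructed for illustration.

```python
"""Added example: object-level authorization on a toy profile store.

All data and names here are constructed; they do not come from any real API.
"""
from dataclasses import dataclass


@dataclass
class Profile:
    id: int
    owner: str
    email: str


# Constructed sample data: two users, each owning exactly one profile.
PROFILES = {
    1: Profile(id=1, owner="alice", email="alice@example.com"),
    2: Profile(id=2, owner="bob", email="bob@example.com"),
}


class Forbidden(Exception):
    """Raised when the caller may not act on the requested object."""


def get_profile_vulnerable(current_user: str, profile_id: int) -> Profile:
    """BOLA-vulnerable handler.

    Authentication already happened upstream, so `current_user` is trusted,
    but the handler never asks whether that user owns `profile_id`. Any
    logged-in user can read any profile just by changing the id.
    """
    return PROFILES[profile_id]


def get_profile_hardened(current_user: str, profile_id: int) -> Profile:
    """Handler with an object-level authorization check.

    The lookup is scoped to the caller's ownership. A missing profile and a
    profile owned by someone else produce the same error, so an attacker
    cannot use the difference to enumerate which ids exist (a design choice,
    not a requirement).
    """
    profile = PROFILES.get(profile_id)
    if profile is None or profile.owner != current_user:
        raise Forbidden(f"profile {profile_id}")
    return profile


def update_profile_hardened(current_user: str, profile_id: int, new_email: str) -> Profile:
    """Write path: reuse the same ownership check before mutating the object."""
    profile = get_profile_hardened(current_user, profile_id)
    profile.email = new_email
    return profile


def probe_bola(handler, attacker: str, victim_profile_id: int) -> bool:
    """The id-swapping test a pentester runs.

    Call `handler` as `attacker` with an id that belongs to another user.
    Returns True when the handler hands back someone else's object, i.e. the
    endpoint is BOLA-vulnerable; False when access is refused.
    """
    try:
        profile = handler(attacker, victim_profile_id)
    except (Forbidden, KeyError):
        return False
    return profile.owner != attacker


if __name__ == "__main__":
    # alice (authenticated) asks for bob's profile, id 2.
    print("vulnerable leaks bob's profile:", probe_bola(get_profile_vulnerable, "alice", 2))
    print("hardened leaks bob's profile:  ", probe_bola(get_profile_hardened, "alice", 2))
```

The probe is the whole detection technique in one function: the only variable changed between a legitimate request and the attack is the object id. In a real engagement you run the same substitution against every endpoint that takes an id (read, update, delete, export), because the ownership check is frequently present on the read path and missing on the others.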
See also Broken Object Level Authorization and Broken Object Level Authorization (BOLA): The Silent Threat in API Security.
Related: Vulnerability