Access Control

Insecure Direct Object Reference (IDOR)

A vulnerability where users can access other users' data by changing an ID parameter.

IDOR occurs when APIs trust user-supplied IDs without verifying ownership. Changing /api/invoices/123 to /api/invoices/124 should not return another user's data. The fix is to always check resource ownership server-side, against the authenticated user, before returning the resource.
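The invoice lookup described above, shown with and without the server-side ownership check. This is an added example, not code from Vezraa; the Invoice type, the in-memory INVOICES store, the function names and the sample IDs' owners are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Invoice:
    id: int
    owner_id: int
    total_cents: int


# Constructed sample data: invoice 123 belongs to user 1, invoice 124 to user 2.
INVOICES = {
    123: Invoice(123, owner_id=1, total_cents=4200),
    124: Invoice(124, owner_id=2, total_cents=9900),
}


class NotFound(Exception):
    """Would map to an HTTP 404 response in a real handler."""


def get_invoice_vulnerable(session_user_id: int, invoice_id: int) -> Invoice:
    # Trusts the ID taken from the URL: the session user is never consulted,
    # so any authenticated user can read any invoice.
    invoice = INVOICES.get(invoice_id)
    if invoice is None:
        raise NotFound(invoice_id)
    return invoice


def get_invoice_checked(session_user_id: int, invoice_id: int) -> Invoice:
    # The caller's identity comes from the server-side session, never from
    # the request path or body.
    invoice = INVOICES.get(invoice_id)
    # "Missing" and "not yours" raise the same error, so the response does
    # not confirm which IDs exist.
    if invoice is None or invoice.owner_id != session_user_id:
        raise NotFound(invoice_id)
    return invoice


def list_invoices(session_user_id: int) -> list[Invoice]:
    # Collection endpoints need the same owner scoping as single lookups.
    return [i for i in INVOICES.values() if i.owner_id == session_user_id]
```

In a database-backed service the same check is usually expressed by including the owner in the query itself, so an unscoped lookup cannot be written by accident.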
