Cybersecurity Issue: OWASP A01:2021 Broken Access Control

Samuel.Chou.OM · April 15, 2025, 3:53am

I believe it’s a general issue.

Description
As our client requested, we ran a Vulnerability Assessment, targeting the web-admin and web-client side.

The result shows that Glide Apps has multiple medium-risk issues; one of them is OWASP A01:2021 Broken Access Control.

How to replicate

Open any of your Glide App web-client or web-admin page.
Navigate to the Internet requests. For example, in Google Chrome, open DevTools > Internet.
Navigate to any request that goes to https://go.glideapps.com or https://your-app.glide.page
Look up to request header.

You will find that header filled with access-control-allow-origin: *, like:

I took a quick look to other website services like WordPress, wix, Google, Facebook, etc. It seems that the issue does not exist in their web service.

nathanaelb · April 15, 2025, 7:53am

@NoCodeAndy @comm_support_agent

Topic		Replies	Views
Security Audit Findings for Custom Glide App - Seeking Expert Feedback Ask for Help security	8	249	July 2, 2024
Help! No one can access my app- connection not secure? attackers? Ask for Help	13	987	April 20, 2022
How to fix Unlimited Cross Origin Resource sharing? Ask for Help	2	25	January 7, 2025
Cybersecurity issue: CWE-798 hard-coded authentication in web client side Report a Bug security	3	98	April 15, 2025
Some links in the Certification App are broken Report a Bug	14	201	April 17, 2024

Cybersecurity Issue: OWASP A01:2021 Broken Access Control

Related topics