Trusted answers to developer questions

What are identification and authorization failures?

Educative Team


Authorization in system security means granting a user access to specific resources, functions, or data, so that the user can work with them as a valid user. This is also known as client privilege or access control.


Identification means specifying a user by a unique ID, smart card, or anything else that identifies that user uniquely. A citizen's social security number is an example of this. Similarly, in system security, the system assigns each user a unique ID so that the user can be tracked and granted or denied access. User identification also lets the system keep track of the user's details.

The following figure represents the identification and authorization process in a very simple way. In real systems, these processes should be made more rigorous so that fewer failures occur:

Figure: Identification and authorization

Reasons for failures

As technology evolves, the security processes that protect sensitive data should improve as well. However, some systems are not built securely, which lets malicious users exploit them by leaking the data or using it for harmful purposes. It is also possible that users trust the system and other users unconditionally, or are unaware of possible security threats.

These issues create security threats for companies and can lead to disastrous situations, even causing the entire company to fail. This is especially true when the system holds sensitive data. Here are some common reasons why these failures occur:

  • Systems don't properly implement password reset or recovery mechanisms.
  • Systems don't implement firewalls to prevent attacks such as credential theft or brute-forcing.
  • Systems don't properly handle session identifiers (for example, by invalidating or regenerating them) after re-login, logout, email/password updates, etc.

Impacts of failures

When a system's identification and authorization features are weak, attackers can exploit it in numerous ways. Some of them are listed below:

  • Brute force or credential stuffing
  • Execution after redirect (EAR)
  • Session hijacking
  • Cross-site request forgery (CSRF)
  • One-click attack
  • Session fixation
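The session-identifier handling mentioned above (the third reason for failures) and the session fixation impact are two sides of the same defect. As an added illustration that is not part of the original answer, the following Python sketch uses a constructed in-memory session store (the `SessionStore` class and its method names are assumptions, not a real framework API) to contrast a login that keeps the pre-login session ID with one that regenerates it, and shows why logout and password changes must invalidate sessions server-side:

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class SessionStore:
    """Constructed in-memory store: session_id -> user (None = anonymous)."""
    sessions: dict = field(default_factory=dict)

    def new_session(self, user=None):
        sid = secrets.token_urlsafe(32)  # unpredictable, high-entropy identifier
        self.sessions[sid] = user
        return sid

    def login_fixable(self, sid, user):
        """Weak: the pre-login session ID is kept and merely upgraded. Anyone
        who knew that ID before login (session fixation) now shares the login."""
        if sid in self.sessions:
            self.sessions[sid] = user
            return sid
        return None

    def login_rotating(self, sid, user):
        """Hardened: discard the anonymous ID and issue a fresh one at the
        moment privileges change, so a pre-known ID is worthless afterwards."""
        self.sessions.pop(sid, None)
        return self.new_session(user)

    def logout(self, sid):
        """Invalidate server-side; deleting the cookie alone leaves the ID valid."""
        self.sessions.pop(sid, None)

    def change_password(self, user, current_sid):
        """Revoke every other session of this user so leaked IDs stop working."""
        for other, owner in list(self.sessions.items()):
            if owner == user and other != current_sid:
                del self.sessions[other]

    def user_for(self, sid):
        return self.sessions.get(sid)


def fixation_outcome(rotate):
    """Simulate a fixation scenario: an anonymous ID is known to an attacker
    before the victim logs in with it. Returns the user that the attacker's
    copy of the ID resolves to afterwards (None means the defense worked)."""
    store = SessionStore()
    planted = store.new_session()  # constructed pre-login ID known to attacker
    login = store.login_rotating if rotate else store.login_fixable
    login(planted, "victim")  # victim authenticates using the planted ID
    return store.user_for(planted)
```

With `rotate=False` the planted ID resolves to the victim's account; with `rotate=True` it resolves to nothing, which is the behavior a session layer should have by default.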


Copyright ©2022 Educative, Inc. All rights reserved
