Insufficient authentication/authorization

Definition
Insufficient authentication/authorization may result from

{{Quote|weak passwords [that] are used or are poorly protected. Insufficient authentication/authorization is prevalent as it is assumed that interfaces will only be exposed to users on internal networks and not to external users on other networks. Deficiencies are often found to be present across all interfaces. Many Issues with authentication/authorization are easy to discover when examining the interface manually and can also be discovered via automated testing. OWASP, "Top 10 2014-I2 Insufficient Authentication/Authorization" (full-text).