Authorization-related vulnerabilities are part of the OWASP Top 10 2017. They are covered under A5:2017 Broken Access Control. Some of the vulnerabilities listed under this category are as follows:
- Bypassing access control checks by tampering with the URL
- Allowing the primary key to be changed to another user's record, and allowing viewing or editing someone else's account
- Escalating privileges