Access Control Testing not working

30 views
Skip to first unread message

浩宇

unread,
Oct 9, 2025, 3:03:23 AM (5 days ago) Oct 9
to ZAP User Group
Access Control Testing not working

I used the Pikachu Shooting Range Level Permission Override vulnerability to verify ZAP's Access Control Testing, but no matter how I configured it, the alarm IDs 10101 and 10102 could not be triggered. Why is this1.jpg2.jpg3.jpg4.jpg

浩宇

unread,
Oct 9, 2025, 4:16:24 AM (5 days ago) Oct 9
to ZAP User Group
看不到图片呢2.jpg

浩宇

unread,
Oct 9, 2025, 4:24:21 AM (5 days ago) Oct 9
to ZAP User Group
I set up the context, policy, multiple accounts, etc., but I can't find the ID10101 and 10102 vulnerabilities.

Simon Bennetts

unread,
9:15 AM (9 hours ago) 9:15 AM
to ZAP User Group
It will either be a bug or a misconfiguration.
This is an alpha rule which has not had any significant update since 2015, so it may have broken at some point.

Access control testing is something that we would love to get back to and improve, but right now its not something that I'm likely to be able to find time to look into.

If you do decide to try to debug it then we would be very interested in what you find :)

Cheers,

Simon
Reply all
Reply to author
Forward
0 new messages