OWASP broken access control (noun) [Word Notes]

Software users are allowed access to data or functionality contrary to the defined zero trust policy by bypassing or manipulating the installed security controls.