This vulnerability occurs when a system fails to properly prevent users from repeating an action that should only be performed once, such as submitting a vote, finalizing a purchase, or requesting a refund.
Many applications are designed to allow specific one-time actions, like casting a ballot, completing a transaction, or applying a coupon. When the system doesn't correctly track and enforce this single-use limitation, it creates a logic flaw that attackers can exploit. For example, in an e-commerce system, a user might bypass purchase limits or repeatedly apply a single-use discount code, leading to financial loss or inventory disruption. From a security perspective, this weakness directly undermines business rules and data integrity. An attacker could stuff a ballot in a voting app, repeatedly withdraw funds in a banking system, or spam a registration form to exhaust resources. The impact ranges from skewed analytics and unfair outcomes to significant revenue loss or system abuse, making robust single-action enforcement a critical requirement for both security and functional correctness.
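The single-use discount code case described above, as an added example that is not part of the original page: a check-then-act redemption beside one where the database itself enforces uniqueness. The table names, function names and the coupon value are constructed for illustration, and the interleaving of two requests is simulated in one thread.

```python
import sqlite3

def make_db():
    # Constructed schema: one table with no constraint, one with a UNIQUE rule.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE redemptions_weak (coupon TEXT, user_id INTEGER)")
    db.execute("CREATE TABLE redemptions (coupon TEXT, user_id INTEGER, "
               "UNIQUE (coupon, user_id))")
    return db

def weak_check(db, coupon, user_id):
    # Step 1 of the weak flow: "has this user already used the coupon?"
    row = db.execute(
        "SELECT 1 FROM redemptions_weak WHERE coupon=? AND user_id=?",
        (coupon, user_id)).fetchone()
    return row is None  # True means the application believes it is unused

def weak_apply(db, coupon, user_id):
    # Step 2 of the weak flow: record the redemption. Nothing ties it to step 1.
    db.execute("INSERT INTO redemptions_weak VALUES (?, ?)", (coupon, user_id))

def redeem_enforced(db, coupon, user_id):
    # Single atomic step: the UNIQUE constraint decides, not application logic.
    try:
        with db:  # commits on success, rolls back on error
            db.execute("INSERT INTO redemptions VALUES (?, ?)",
                       (coupon, user_id))
        return True
    except sqlite3.IntegrityError:
        return False  # already redeemed: reject the repeat

def simulate_duplicate_requests(db, coupon, user_id):
    # Two requests from the same user overlap: both checks complete
    # before either write, so both see "unused".
    ok_a = weak_check(db, coupon, user_id)
    ok_b = weak_check(db, coupon, user_id)
    if ok_a:
        weak_apply(db, coupon, user_id)
    if ok_b:
        weak_apply(db, coupon, user_id)
    weak_count = db.execute(
        "SELECT COUNT(*) FROM redemptions_weak").fetchone()[0]
    # The same two requests against the constrained table.
    enforced_count = sum(redeem_enforced(db, coupon, user_id) for _ in range(2))
    return weak_count, enforced_count

if __name__ == "__main__":
    print(simulate_duplicate_requests(make_db(), "WELCOME10", 42))
```

The weak flow records the redemption twice, while the constrained table accepts it once and rejects the repeat regardless of request timing.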
Impact: Varies by Context
An attacker might be able to gain advantage over other users by performing the action multiple times, or affect the correctness of the product.