An attacker may access default accounts, unused pages, unpatched flaws, unprotected files and directories, and similar weaknesses to gain information or unauthorized access to the system.
How to solve it
The information flow control system implemented by Hdiv controls which resources (links and forms) the application exposes, and prevents requests that break the original contract issued by the server. In other words, even when the programmer does not use access control systems or ACLs (Java EE or Spring Security), Hdiv is able to identify which resources are legitimately accessible by each user.
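
The idea described above, as an added conceptual sketch in plain Java (it is not Hdiv's code or API): the server remembers which links and forms it rendered for each session and rejects any request for a resource that session was never offered. The class name, session ids, paths and the start-page list are assumptions made for the illustration.

```java
import java.net.URI;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

// Conceptual sketch only: per-session allowlist of server-rendered resources.
public class RenderedResourceGuard {
    // Entry points reachable without a previously rendered page (hypothetical value).
    private final Set<String> startPages = Set.of("GET /login");
    // sessionId -> "METHOD path" entries the server has emitted to that session.
    private final Map<String, Set<String>> rendered = new ConcurrentHashMap<>();

    // Render time: record every link or form target written into the response.
    public void recordRendered(String sessionId, String method, String path) {
        rendered.computeIfAbsent(sessionId, k -> ConcurrentHashMap.newKeySet())
                .add(key(method, path));
    }

    // Request time: accept only start pages or resources offered to this session.
    public boolean isAllowed(String sessionId, String method, String path) {
        String k = key(method, path);
        if (startPages.contains(k)) return true;
        Set<String> offered = rendered.get(sessionId);
        return offered != null && offered.contains(k);
    }

    // Canonical form, so "../" segments cannot disguise an unlisted path.
    private static String key(String method, String path) {
        String p = URI.create(path).normalize().getPath();
        return method.toUpperCase(Locale.ROOT) + " " + p;
    }

    public static void main(String[] args) {
        RenderedResourceGuard g = new RenderedResourceGuard();
        // Constructed sample data: what each session's pages contained.
        g.recordRendered("alice", "GET", "/orders/17");
        g.recordRendered("alice", "POST", "/orders/17/cancel");
        g.recordRendered("bob", "GET", "/orders/42");

        String[][] requests = {
            {"alice", "GET", "/orders/17"},                      // link rendered for alice
            {"alice", "GET", "/orders/42"},                      // rendered only for bob
            {"alice", "GET", "/admin/console"},                  // unused page, never linked
            {"alice", "GET", "/orders/17/../../admin/console"},  // same page via "../"
            {"new-session", "GET", "/login"},                    // start page
        };
        for (String[] r : requests) {
            System.out.println(r[0] + " " + r[1] + " " + r[2] + " -> allowed="
                    + g.isAllowed(r[0], r[1], r[2]));
        }
    }
}
```

A forgotten or default page left deployed is refused here because no response ever contained a link to it, without any per-URL access rule being written.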