Confused deputy problem

ID: confused-deputy-problem

The "confused deputy" problem is a security vulnerability that occurs when a program or process acting on behalf of another entity is fooled into performing actions that it should not be allowed to perform for that entity. It often arises when privileges are mismanaged or mishandled, particularly in access control scenarios. In a typical example, a program (the "deputy") holds certain permissions on behalf of a user (the "principal").
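The deputy and principal relationship described above, as an added example that is not part of the original page: a deputy that authorizes a write with only its own permissions, beside a version that also checks the requesting principal. The service name, principals, paths and ACL are all constructed for illustration.

```python
# Added illustration: every name, path and ACL entry here is constructed.
DEPUTY = "report-service"

# path -> principals allowed to write it
ACL = {
    "/home/alice/report.txt": {"alice", DEPUTY},
    "/srv/billing/ledger.txt": {DEPUTY},  # only the deputy may write this
}


class Denied(Exception):
    pass


def may_write(principal, path):
    return principal in ACL.get(path, set())


def write_confused(store, caller, path, data):
    """Vulnerable: decides using the deputy's own authority only."""
    if not may_write(DEPUTY, path):
        raise Denied(f"{DEPUTY} may not write {path}")
    store[path] = data  # the caller's rights were never consulted


def write_checked(store, caller, path, data):
    """Hardened: the requesting principal must hold the right as well."""
    if not may_write(caller, path):
        raise Denied(f"{caller} may not write {path}")
    if not may_write(DEPUTY, path):
        raise Denied(f"{DEPUTY} may not write {path}")
    store[path] = data


def demo():
    """Run the same two requests from 'alice' through both deputies."""
    results = {}
    for name, write in (("confused", write_confused), ("checked", write_checked)):
        store = {"/srv/billing/ledger.txt": "ledger v1"}
        write(store, "alice", "/home/alice/report.txt", "report")  # legitimate
        try:
            write(store, "alice", "/srv/billing/ledger.txt", "report")
            outcome = "overwritten"
        except Denied:
            outcome = "denied"
        results[name] = (outcome, store["/srv/billing/ledger.txt"])
    return results


if __name__ == "__main__":
    print(demo())
```

Both versions serve the legitimate request; only the one that evaluates the caller's authority refuses the write to the file that the deputy alone can reach.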
