The application uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.

Developers may assume that inputs such as cookies, environment variables, and hidden form fields cannot be modified. However, an attacker could change these inputs using customized clients or other attacks. This change might not be detected. When security decisions such as authentication and authorization are made based on the values of these inputs, attackers can bypass the security of the software.

Without sufficient encryption, integrity checking, or other mechanism, any input that originates from an outsider cannot be trusted.
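
As an added illustration (not part of the original text), the following Python sketch contrasts an authorization check that trusts a client-supplied cookie with one that verifies an HMAC integrity tag before using the value. The cookie names `role` and `session_role`, the function names and the `user|role|tag` layout are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

# Assumption: a key generated and held only on the server (constructed here).
SERVER_KEY = secrets.token_bytes(32)


def is_admin_untrusted(cookies):
    """Weak pattern: the decision rests on a value the client fully controls."""
    return cookies.get("role") == "admin"


def _tag(payload, key):
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()


def issue_role_cookie(user, role, key=SERVER_KEY):
    """Bind user and role together and append an HMAC-SHA256 tag."""
    if "|" in user or "|" in role:
        raise ValueError("separator not allowed in fields")
    payload = f"{user}|{role}"
    return f"{payload}|{_tag(payload, key)}"


def verified_role(cookie_value, key=SERVER_KEY):
    """Return (user, role) only when the tag matches, otherwise None."""
    parts = cookie_value.split("|")
    if len(parts) != 3:
        return None
    user, role, tag = parts
    expected = _tag(f"{user}|{role}", key)
    # Compare as bytes in constant time; arbitrary client bytes cannot raise here.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return user, role


def is_admin_verified(cookies, key=SERVER_KEY):
    """Hardened pattern: the role is used only after its integrity is checked."""
    result = verified_role(cookies.get("session_role", ""), key)
    return result is not None and result[1] == "admin"


if __name__ == "__main__":
    cookie = issue_role_cookie("alice", "user")        # constructed sample
    modified = cookie.replace("|user|", "|admin|")     # value altered client-side
    print(is_admin_untrusted({"role": "admin"}))       # accepted without any check
    print(is_admin_verified({"session_role": cookie}))
    print(is_admin_verified({"session_role": modified}))
```

The tag only detects modification; it does not hide the value, and the key must never be sent to the client.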