Confused deputy problem

In information security, a confused deputy is a computer program that is tricked by another program (one with fewer privileges or rights) into misusing its own authority on the system. It is a specific type of privilege escalation.[1] The confused deputy problem is often cited as an example of why capability-based security is important.

Capability systems protect against the confused deputy problem, whereas access-control list–based systems do not.[2]
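The following is an added example, not code from the page or any real system: a constructed toy model of a "deputy" service in Python. The ACL version writes wherever the caller names it, using the deputy's own identity, so a caller with fewer rights can steer it at a file the caller may not touch. The capability version instead requires the caller to present a write capability that was minted against the caller's own rights, so designation and authority arrive together and the deputy cannot be confused. All paths, principals and the closure-as-capability are constructed for illustration; unforgeability is only modelled here, whereas a real system relies on the kernel or runtime (for example, open file descriptors) to enforce it.

```python
# Constructed "filesystem" and an ACL naming who may write each path.
FILES = {"/home/alice/report.txt": "draft", "/etc/billing.db": "balances"}
ACL = {"/home/alice/report.txt": {"alice", "deputy"}, "/etc/billing.db": {"deputy"}}

def acl_write(principal: str, path: str, data: str) -> None:
    """ACL check: decided purely on which principal is asking."""
    if principal not in ACL.get(path, set()):
        raise PermissionError(f"{principal} may not write {path}")
    FILES[path] = data

def deputy_acl(output_path: str, data: str) -> None:
    """Deputy with ambient authority: it writes as ITSELF wherever the caller
    names, so the caller's own (lesser) rights are never consulted."""
    acl_write("deputy", output_path, data)

def open_for_write(principal: str, path: str):
    """Mint a write capability, checked against the requester's own rights.
    The returned closure *is* the capability (cf. an open file descriptor)."""
    if principal not in ACL.get(path, set()):
        raise PermissionError(f"{principal} may not write {path}")
    return lambda data: FILES.__setitem__(path, data)

def deputy_cap(write_cap, data: str) -> None:
    """Capability deputy: designation and authority arrive together, so it can
    only write where the caller could already write."""
    write_cap(data)

def run_scenario() -> dict:
    # ACL deputy: alice's legitimate request works...
    deputy_acl("/home/alice/report.txt", "final")
    # ...but so does naming a file alice may not touch: the deputy is confused.
    try:
        deputy_acl("/etc/billing.db", "balances=0")
        acl_confused = True
    except PermissionError:
        acl_confused = False
    # Capability deputy: the legitimate request still works...
    deputy_cap(open_for_write("alice", "/home/alice/report.txt"), "final v2")
    # ...but alice cannot obtain a capability for billing.db to hand over.
    try:
        deputy_cap(open_for_write("alice", "/etc/billing.db"), "balances=0")
        cap_blocked = False
    except PermissionError:
        cap_blocked = True
    return {"acl_confused": acl_confused, "cap_blocked": cap_blocked}
```

Running `run_scenario()` reports that the ACL deputy was confused into overwriting the billing file while the capability deputy never received the authority to do so.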

  1. ^ Wu, Jianliang; Cui, Tingting; Ban, Tao; Guo, Shanqing; Cui, Lizhen (2015-09-10). "PaddyFrog: systematically detecting confused deputy vulnerability in Android applications". Security and Communication Networks. 8 (13): 2338–2349. doi:10.1002/sec.1179.
  2. ^ "ACLs don't". sourceforge.net.