How to fix - Broken Access Control

Broken access control is a class of vulnerability in which an attacker bypasses or circumvents the controls a system relies on to restrict access to sensitive data or resources. It can stem from a variety of causes, such as weak authentication and authorization mechanisms, flawed access controls in the system or application, or a failure to properly validate user input before it influences an access decision. To fix broken access control, several steps can be taken, including:

  1. Implementing proper authentication and authorization controls that are based on industry best practices and standards.

  2. Regularly reviewing and testing the system's access controls to identify and address any vulnerabilities.

  3. Validating user input on the server side before it is used in an access decision, so that identifiers and parameters supplied by the user are properly sanitized and cannot be manipulated to gain unauthorized access.

  4. Conducting regular security assessments and penetration testing to identify and address any vulnerabilities.

  5. Training employees to be aware of the risks of broken access control and how to avoid them.
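A worked illustration of steps 1 and 3 above, added here as an example and not code from the original page: a direct object reference that is served without an ownership check, beside a hardened, deny-by-default version that makes the authorization decision on the server. The `User` and `Invoice` types, the `INVOICES` table and the role names are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    user_id: int
    role: str  # constructed roles: "user" or "admin"


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner_id: int
    amount: float


# Constructed sample data standing in for a database table.
INVOICES = {
    101: Invoice(101, owner_id=1, amount=120.0),
    102: Invoice(102, owner_id=2, amount=75.5),
}


class Forbidden(Exception):
    """Raised when the caller may not access the requested object."""


def get_invoice_vulnerable(user: User, invoice_id: int) -> Invoice:
    # Broken access control: the identifier comes straight from the
    # request and is looked up without asking whether this user is
    # allowed to see that invoice, so any authenticated user can read
    # every invoice simply by changing invoice_id.
    return INVOICES[invoice_id]


def can_access(user: User, invoice: Invoice) -> bool:
    # Single, central authorization rule (step 1): admins may see all
    # invoices, everyone else only their own. Anything not explicitly
    # permitted here is denied.
    return user.role == "admin" or invoice.owner_id == user.user_id


def get_invoice_hardened(user: User, invoice_id: int) -> Invoice:
    # Deny by default (step 3): validate the user-supplied identifier on
    # the server and apply the authorization rule before returning data.
    # Missing and forbidden objects produce the same error so the caller
    # learns nothing about invoices it may not see.
    invoice = INVOICES.get(invoice_id)
    if invoice is None or not can_access(user, invoice):
        raise Forbidden("invoice not found or access denied")
    return invoice
```

A real application applies the same rule inside every handler that reads, updates or deletes an object; a single missed handler is enough to reopen the hole.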
