During a security audit of a cloud-based application, you identify a flaw where authorization is only enforced during the initial login process and not on subsequent internal operations. Which security threat does this flaw most accurately align with?