CAPEC-114
Alerte pour un CAPEC
Stay informed of any changes for a specific CAPEC.
Description
An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker.
Informations
Prerequisites
An authentication mechanism or subsystem implementing some form of authentication such as passwords, digest authentication, security certificates, etc. which is flawed in some way.Resources Required
A client application, command-line access to a binary, or scripting language capable of interacting with the authentication mechanism.Related Weaknesses
| Weakness Name | |
|---|---|
| Improper Authentication When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
|
| Internal Asset Exposed to Unsafe Debug Access Level or State The product uses physical debug or test interfaces with support for multiple access levels, but it assigns the wrong debug access level to an internal asset, providing unintended access to the asset from untrusted debug agents. |
Submission
| Name | Organization | Date | Date Release |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation |
Modifications
| Name | Organization | Date | Comment |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | Updated Related_Attack_Patterns | |
| CAPEC Content Team | The MITRE Corporation | Updated Related_Weaknesses | |
| CAPEC Content Team | The MITRE Corporation | Updated Taxonomy_Mappings | |
| CAPEC Content Team | The MITRE Corporation | Updated Description, Extended_Description |
2024©
tesweb SA
