CAPEC-115

Authentication Bypass
Moyen
Draft
2014-06-23
00h00 +00:00
2022-02-22
00h00 +00:00
CAPEC Mitre.org
Alerte pour un CAPEC
Restez informé de toutes modifications pour un CAPEC spécifique.
Gestion des notifications

Descriptions du CAPEC

An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place.

Informations du CAPEC

Conditions préalables

An authentication mechanism or subsystem implementing some form of authentication such as passwords, digest authentication, security certificates, etc.

Ressources nécessaires

A client application, such as a web browser, or a scripting language capable of interacting with the target.

Faiblesses connexes

CWE-ID Nom de la faiblesse

CWE-287

 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Références

REF-598

OWASP Web Security Testing Guide
https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/04-Testing_for_Bypassing_Authentication_Schema.html

Soumission

Nom Organisation Date Date de publication
CAPEC Content Team The MITRE Corporation 2014-06-23 +00:00

Modifications

Nom Organisation Date Commentaire
CAPEC Content Team The MITRE Corporation 2015-11-09 +00:00 Updated Related_Attack_Patterns
CAPEC Content Team The MITRE Corporation 2017-08-04 +00:00 Updated Related_Weaknesses
CAPEC Content Team The MITRE Corporation 2020-12-17 +00:00 Updated References
CAPEC Content Team The MITRE Corporation 2021-06-24 +00:00 Updated Taxonomy_Mappings
CAPEC Content Team The MITRE Corporation 2022-02-22 +00:00 Updated Description, Extended_Description