Byte Open Security (ByteOS Network)
CAPEC-114: Authentication Abuse
Attack Pattern ID: 114
Version: v3.9
Attack Pattern Name: Authentication Abuse
Abstraction: Meta
Status: Draft
Likelihood of Attack:
Typical Severity: Medium
▼Description
An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack, the authentication mechanism is functioning, but a carefully controlled sequence of events causes it to grant access to the attacker.
▼Extended Description

This attack may exploit assumptions made by the target's authentication procedures, such as assumptions about trust relationships or about how secret values are generated. It differs from Authentication Bypass attacks in that Authentication Abuse lets the attacker be certified as a valid user through illegitimate means, whereas Authentication Bypass lets the attacker reach protected material without ever being certified as an authenticated user. This attack does not rely on prior sessions established by users who have successfully authenticated, as the "Exploitation of Session Variables, Resource IDs and other Trusted Credentials" attack patterns do.

▼Alternate Terms
▼Relationships
Nature | Type | ID | Name
ParentOf | Standard | 90 | Reflection Attack in Authentication Protocol
▼Execution Flow
▼Prerequisites
An authentication mechanism or subsystem implementing some form of authentication (passwords, digest authentication, security certificates, etc.) that is flawed in some way.
▼Skills Required
▼Resources Required
A client application, command-line access to a binary, or scripting language capable of interacting with the authentication mechanism.
▼Indicators
▼Consequences
Scope | Likelihood | Impact | Note
▼Mitigations
▼Example Instances
▼Related Weaknesses
ID | Name
CWE-1244 | Internal Asset Exposed to Unsafe Debug Access Level or State
CWE-287 | Improper Authentication
▼Taxonomy Mappings
Taxonomy Name | Entry ID | Entry Name
ATTACK | 1548 | Abuse Elevation Control Mechanism
▼Notes
▼References