| Name |
Authentication Abuse |
|
| Likelyhood of attack |
Typical severity |
| Medium |
Medium |
|
| Summary |
An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker. |
| Prerequisites |
An authentication mechanism or subsystem implementing some form of authentication such as passwords, digest authentication, security certificates, etc. which is flawed in some way. |
| Solutions | |
| Related Weaknesses |
|
CWE ID
|
Description
|
| CWE-287 |
Improper Authentication |
| CWE-1244 |
Improper Access to Sensitive Information Using Debug and Test Interfaces |
|
| Taxonomy: ATTACK |
|
Entry ID
|
Entry Name
|
| 1548 |
Abuse Elevation Control Mechanism |
|