Prerequisites
An authentication mechanism or subsystem implementing some form of authentication such as passwords, digest authentication, security certificates, etc. which is flawed in some way.
Resources Required
A client application, command-line access to a binary, or scripting language capable of interacting with the authentication mechanism.
Related Weaknesses
CWE-ID |
Weakness Name |
CWE-287 |
Improper Authentication When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
CWE-1244 |
Internal Asset Exposed to Unsafe Debug Access Level or State The product uses physical debug or test
interfaces with support for multiple access levels, but it
assigns the wrong debug access level to an internal asset,
providing unintended access to the asset from untrusted debug
agents. |
Submission
Name |
Organization |
Date |
Date Release |
CAPEC Content Team |
The MITRE Corporation |
2014-06-23 +00:00 |
Modifications
Name |
Organization |
Date |
Comment |
CAPEC Content Team |
The MITRE Corporation |
2015-11-09 +00:00 |
Updated Related_Attack_Patterns |
CAPEC Content Team |
The MITRE Corporation |
2020-07-30 +00:00 |
Updated Related_Weaknesses |
CAPEC Content Team |
The MITRE Corporation |
2021-06-24 +00:00 |
Updated Taxonomy_Mappings |
CAPEC Content Team |
The MITRE Corporation |
2022-02-22 +00:00 |
Updated Description, Extended_Description |