CAPEC-114
Alerta para un CAPEC
Manténgase informado sobre cualquier cambio en un CAPEC específico.
Descripciones CAPEC
An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker.
Informaciones CAPEC
Prerrequisitos
An authentication mechanism or subsystem implementing some form of authentication such as passwords, digest authentication, security certificates, etc. which is flawed in some way.Recursos requeridos
A client application, command-line access to a binary, or scripting language capable of interacting with the authentication mechanism.Debilidades relacionadas
| Nombre de la debilidad | |
|---|---|
CWE-287 |
Improper Authentication When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
CWE-1244 |
Internal Asset Exposed to Unsafe Debug Access Level or State The product uses physical debug or test interfaces with support for multiple access levels, but it assigns the wrong debug access level to an internal asset, providing unintended access to the asset from untrusted debug agents. |
Envío
| Nombre | Organización | Fecha | Fecha de lanzamiento |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation |
Modificaciones
| Nombre | Organización | Fecha | Comentario |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | Updated Related_Attack_Patterns | |
| CAPEC Content Team | The MITRE Corporation | Updated Related_Weaknesses | |
| CAPEC Content Team | The MITRE Corporation | Updated Taxonomy_Mappings | |
| CAPEC Content Team | The MITRE Corporation | Updated Description, Extended_Description |
