CAPEC-114: Authentication Abuse

Meta Draft Severity: Medium

CAPEC Version: 3.9

Update Date: 2023-01-24

Attack Pattern Description

An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker.

Prerequisites

  • An authentication mechanism or subsystem implementing some form of authentication such as passwords, digest authentication, security certificates, etc. which is flawed in some way.

Resources Required

  • A client application, command-line access to a binary, or scripting language capable of interacting with the authentication mechanism.

Taxonomy Mappings

Taxonomy Name | Entry ID | Entry Name
ATTACK | 1548 | Abuse Elevation Control Mechanism

Key Information

CAPEC ID: CAPEC-114

Abstraction Level: Meta

Status: Draft

Typical Severity: Medium

Related CWE Weaknesses