CAPEC-115: Authentication Bypass

Meta Draft Severity: Medium

CAPEC Version: 3.9

Last Updated: 2023-01-24

Attack Pattern Description

An attacker gains access to an application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place.

Prerequisites

  • An authentication mechanism or subsystem implementing some form of authentication such as passwords, digest authentication, security certificates, etc.

Resources Required

  • A client application, such as a web browser, or a scripting language capable of interacting with the target.

Taxonomy Mappings

Taxonomy Name    Entry ID    Entry Name
ATTACK           1548        Abuse Elevation Control Mechanism

Key Information

CAPEC ID: CAPEC-115

Abstraction Level: Meta

Status: Draft

Typical Severity: Medium

Related CWE Weaknesses