CAPEC Details
Name Authentication Abuse
Likelyhood of attack Typical severity
Medium Medium
Summary An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker.
Prerequisites An authentication mechanism or subsystem implementing some form of authentication such as passwords, digest authentication, security certificates, etc. which is flawed in some way.
Solutions
Related Weaknesses
CWE ID Description
CWE-287 Improper Authentication
CWE-1244 Internal Asset Exposed to Unsafe Debug Access Level or State
Taxonomy: ATTACK
Entry ID Entry Name
1548 Abuse Elevation Control Mechanism