Name Removing/short-circuiting 'guard logic'
Summary Attackers can, in some cases, get around logic put in place to 'guard' sensitive functionality or data. The attack may involve gaining access to and calling protected functionality (or accessing protected data) directly, may involve subverting some aspect of the guard's implementation, or outright removal of the guard, if possible.
Prerequisites The Attacker must have reverse-engineered the application and its design extensively enough to have determined that a guard element exists. This may have been done as simply as through probing (and likely receiving too verbose an error message) or could have involved high-brow techniques supported by advanced reverse engineering/debugging tools.
Related Weaknesses
CWE ID Description
CWE-288 Authentication Bypass Using an Alternate Path or Channel
CWE-372 Incomplete Internal State Distinction
CWE-510 Trapdoor
CWE-693 Protection Mechanism Failure
Back to Top