Common Weakness Enumeration

CWE-287

Discouraged

Improper Authentication

Abstraction: Class · Status: Draft

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

5964 vulnerabilities reference this CWE, most recent first.

GHSA-84HJ-V72F-GXC9

Vulnerability from github – Published: 2023-08-28 21:31 – Updated: 2024-03-12 18:31
VLAI
Details

Zoho ManageEngine ADManager Plus through 7186 is vulnerable to 2FA bypass.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-35785"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-28T20:15:08Z",
    "severity": "HIGH"
  },
  "details": "Zoho ManageEngine ADManager Plus through 7186 is vulnerable to 2FA bypass.",
  "id": "GHSA-84hj-v72f-gxc9",
  "modified": "2024-03-12T18:31:11Z",
  "published": "2023-08-28T21:31:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35785"
    },
    {
      "type": "WEB",
      "url": "https://manageengine.com"
    },
    {
      "type": "WEB",
      "url": "https://www.manageengine.com/security/advisory/CVE/CVE-2023-35785.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-84M5-WQ3J-47C4

Vulnerability from github – Published: 2023-12-25 09:30 – Updated: 2024-01-04 03:30
VLAI
Details

An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-34267"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-25T08:15:07Z",
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint.",
  "id": "GHSA-84m5-wq3j-47c4",
  "modified": "2024-01-04T03:30:38Z",
  "published": "2023-12-25T09:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34267"
    },
    {
      "type": "WEB",
      "url": "https://www.rws.com/localization/products/trados-enterprise/worldserver"
    },
    {
      "type": "WEB",
      "url": "https://www.triskelelabs.com/vulnerabilities-in-rws-worldserver"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-84QR-WGJ8-H8V8

Vulnerability from github – Published: 2022-05-17 04:41 – Updated: 2022-05-17 04:41
VLAI
Details

Unspecified vulnerability in Citrix VDI-In-A-Box 5.3.x before 5.3.8 and 5.4.x before 5.4.4 allows remote attackers to bypass authentication via unspecified vectors, related to a Java servlet.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2014-3780"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-05-30T14:55:00Z",
    "severity": "HIGH"
  },
  "details": "Unspecified vulnerability in Citrix VDI-In-A-Box 5.3.x before 5.3.8 and 5.4.x before 5.4.4 allows remote attackers to bypass authentication via unspecified vectors, related to a Java servlet.",
  "id": "GHSA-84qr-wgj8-h8v8",
  "modified": "2022-05-17T04:41:28Z",
  "published": "2022-05-17T04:41:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3780"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/58431"
    },
    {
      "type": "WEB",
      "url": "http://support.citrix.com/article/CTX140779"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/67687"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1030305"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-84R5-FG22-5VJV

Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32
VLAI
Details

Improper authentication in Azure Spring Apps allows an authorized attacker to elevate privileges over a network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-50338"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-14T17:17:00Z",
    "severity": "HIGH"
  },
  "details": "Improper authentication in Azure Spring Apps allows an authorized attacker to elevate privileges over a network.",
  "id": "GHSA-84r5-fg22-5vjv",
  "modified": "2026-07-14T18:32:04Z",
  "published": "2026-07-14T18:32:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50338"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50338"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-84XH-PWC6-7G4G

Vulnerability from github – Published: 2025-02-05 18:34 – Updated: 2026-01-27 15:30
VLAI
Details

When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_ticket_key are used and/or the SSL session cache https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache are used in the default server and the default server is performing client certificate authentication.  

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-23419"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-613",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-05T18:15:33Z",
    "severity": "MODERATE"
  },
  "details": "When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when  TLS Session Tickets https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_ticket_key  are used and/or the  SSL session cache https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache  are used in the default server and the default server is performing client certificate authentication.\u00a0\u00a0\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
  "id": "GHSA-84xh-pwc6-7g4g",
  "modified": "2026-01-27T15:30:26Z",
  "published": "2025-02-05T18:34:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23419"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00017.html"
    },
    {
      "type": "WEB",
      "url": "https://my.f5.com/manage/s/article/K000149173"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2025/02/05/8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-84XP-PHCJ-753R

Vulnerability from github – Published: 2022-05-24 22:28 – Updated: 2022-10-27 19:00
VLAI
Details

The management page of the Orca HCM digital learning platform does not perform identity verification, which allows remote attackers to execute the management function without logging in, access members’ information, modify and delete the courses in system, thus causing users fail to access the learning content.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-35964"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-285",
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-19T12:15:00Z",
    "severity": "HIGH"
  },
  "details": "The management page of the Orca HCM digital learning platform does not perform identity verification, which allows remote attackers to execute the management function without logging in, access members\u2019 information, modify and delete the courses in system, thus causing users fail to access the learning content.",
  "id": "GHSA-84xp-phcj-753r",
  "modified": "2022-10-27T19:00:41Z",
  "published": "2022-05-24T22:28:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35964"
    },
    {
      "type": "WEB",
      "url": "https://www.chtsecurity.com/news/ba7b3ae7-14f3-4970-b3f6-4d97d8c7ea25"
    },
    {
      "type": "WEB",
      "url": "https://www.twcert.org.tw/tw/cp-132-4924-f74d5-1.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8545-G96P-Q9HH

Vulnerability from github – Published: 2022-05-17 03:37 – Updated: 2025-04-12 12:45
VLAI
Details

The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authentication via a password that is casted to an empty value.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-2047"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-02-23T17:59:00Z",
    "severity": "LOW"
  },
  "details": "The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authentication via a password that is casted to an empty value.",
  "id": "GHSA-8545-g96p-q9hh",
  "modified": "2025-04-12T12:45:33Z",
  "published": "2022-05-17T03:37:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2047"
    },
    {
      "type": "WEB",
      "url": "https://review.typo3.org/#/c/37013"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html"
    },
    {
      "type": "WEB",
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-001"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2015/dsa-3164"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2015/02/22/4"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2015/02/22/8"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/72763"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1031824"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-856Q-XV3C-7F2F

Vulnerability from github – Published: 2022-02-23 14:59 – Updated: 2022-02-25 15:38
VLAI
Summary
Unauthenticated control plane denial of service attack in Istio
Details

Impact

The Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing. This endpoint is served over TLS port 15012, but does not require any authentication from the attacker.

For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially multicluster topologies, this port is exposed over the public internet.

Patches

  • Istio 1.13.1 and above
  • Istio 1.12.4 and above
  • Istio 1.11.7 and above

Workarounds

There are no effective workarounds, beyond upgrading. Limiting network access to Istiod to the minimal set of clients can help lessen the scope of the vulnerability to some extent.

References

More details can be found in the Istio Security Bulletin

For more information

If you have any questions or comments about this advisory, please email us at istio-security-vulnerability-reports@googlegroups.com

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "istio.io/istio"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.13.0"
            },
            {
              "fixed": "1.13.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.13.0"
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "istio.io/istio"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.12.0"
            },
            {
              "fixed": "1.12.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "istio.io/istio"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.11.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-23635"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284",
      "CWE-287"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-02-23T14:59:08Z",
    "nvd_published_at": "2022-02-22T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nThe Istio control plane, `istiod`, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing. This endpoint is served over TLS port 15012, but does not require any authentication from the attacker.\n\nFor simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [multicluster](https://istio.io/latest/docs/setup/install/multicluster/primary-remote/) topologies, this port is exposed over the public internet.\n\n### Patches\n\n- Istio 1.13.1 and above\n- Istio 1.12.4 and above\n- Istio 1.11.7 and above\n\n### Workarounds\nThere are no effective workarounds, beyond upgrading. Limiting network access to Istiod to the minimal set of clients can help lessen the scope of the vulnerability to some extent.\n\n### References\nMore details can be found in the [Istio Security Bulletin](https://istio.io/latest/news/security/istio-security-2022-003)\n\n### For more information\nIf you have any questions or comments about this advisory, please email us at [istio-security-vulnerability-reports@googlegroups.com](mailto:istio-security-vulnerability-reports@googlegroups.com)\n",
  "id": "GHSA-856q-xv3c-7f2f",
  "modified": "2022-02-25T15:38:52Z",
  "published": "2022-02-23T14:59:08Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/istio/istio/security/advisories/GHSA-856q-xv3c-7f2f"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23635"
    },
    {
      "type": "WEB",
      "url": "https://github.com/istio/istio/commit/5f3b5ed958ae75156f8656fe7b3794f78e94db84"
    },
    {
      "type": "WEB",
      "url": "https://github.com/istio/istio"
    },
    {
      "type": "WEB",
      "url": "https://istio.io/latest/news/security/istio-security-2022-003"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Unauthenticated control plane denial of service attack in Istio"
}

GHSA-857Q-XMPH-P2V5

Vulnerability from github – Published: 2024-08-09 20:41 – Updated: 2024-08-09 20:41
VLAI
Summary
s2n-tls's mTLS API ordering may skip client authentication
Details

Impact

An API ordering issue in s2n-tls can cause client authentication to unexpectedly not be enabled on the server when it otherwise appears to be. Server applications are impacted if client authentication is enabled by calling s2n_connection_set_config() before calling s2n_connection_set_client_auth_type().

Applications are not impacted if these APIs are called in the opposite order, or if client authentication is enabled on the config with s2n_config_set_client_auth_type(). s2n-tls clients verifying server certificates are not impacted.

Impacted versions: < v1.5.0.

Patches

The patch is included in v1.5.0 [1].

Workarounds

Applications can workaround this issue by calling s2n_connection_set_config() after calling s2n_connection_set_client_auth_type(), or by enabling client authentication on the config with s2n_config_set_client_auth_type().

If you have any questions or comments about this advisory we ask that you contact AWS/Amazon Security via our vulnerability reporting page [2] or directly via email to aws-security@amazon.com. Please do not create a public GitHub issue.

[1] https://github.com/aws/s2n-tls/releases/tag/v1.5.0

[2] https://aws.amazon.com/security/vulnerability-reporting

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "s2n-tls"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.3.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-08-09T20:41:38Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nAn API ordering issue in s2n-tls can cause client authentication to unexpectedly not be enabled on the server when it otherwise appears to be. Server applications are impacted if client authentication is enabled by calling s2n_connection_set_config() before calling s2n_connection_set_client_auth_type().\n\nApplications are not impacted if these APIs are called in the opposite order, or if client authentication is enabled on the config with s2n_config_set_client_auth_type(). s2n-tls clients verifying server certificates are not impacted.\n\nImpacted versions: \u003c v1.5.0.\n\n\n### Patches\n\nThe patch is included in v1.5.0 [1].\n\n\n### Workarounds\n\nApplications can workaround this issue by calling s2n_connection_set_config() after calling s2n_connection_set_client_auth_type(), or by enabling client authentication on the config with s2n_config_set_client_auth_type().\n\nIf you have any questions or comments about this advisory we ask that you contact AWS/Amazon Security via our vulnerability reporting page [2] or directly via email to [aws-security@amazon.com](mailto:aws-security@amazon.com). Please do not create a public GitHub issue.\n\n[1] https://github.com/aws/s2n-tls/releases/tag/v1.5.0\n\n[2] https://aws.amazon.com/security/vulnerability-reporting",
  "id": "GHSA-857q-xmph-p2v5",
  "modified": "2024-08-09T20:41:39Z",
  "published": "2024-08-09T20:41:38Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/aws/s2n-tls/security/advisories/GHSA-857q-xmph-p2v5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/aws/s2n-tls/commit/e8ca8911c5b2f2361687dec1467c45cd54d00b3f"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/aws/s2n-tls"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "s2n-tls\u0027s mTLS API ordering may skip client authentication"
}

GHSA-8599-937F-746W

Vulnerability from github – Published: 2022-05-24 17:33 – Updated: 2023-12-31 21:30
VLAI
Details

Windows Hyper-V Security Feature Bypass Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-17040"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-11-11T07:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Windows Hyper-V Security Feature Bypass Vulnerability",
  "id": "GHSA-8599-937f-746w",
  "modified": "2023-12-31T21:30:26Z",
  "published": "2022-05-24T17:33:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17040"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17040"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Libraries or Frameworks

Use an authentication framework or library such as the OWASP ESAPI Authentication feature.

CAPEC-114: Authentication Abuse

An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker.

CAPEC-115: Authentication Bypass

An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place.

CAPEC-151: Identity Spoofing

Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principle or use stolen / spoofed authentication credentials.

CAPEC-194: Fake the Source of Data

An adversary takes advantage of improper authentication to provide data or services under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or to assume the rights granted to another individual. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. The root of the attack (in this case the email system) fails to properly authenticate the source and this results in the reader incorrectly performing the instructed action. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.

CAPEC-22: Exploiting Trust in Client

An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.

CAPEC-57: Utilizing REST's Trust in the System Resource to Obtain Sensitive Data

This attack utilizes a REST(REpresentational State Transfer)-style applications' trust in the system resources and environment to obtain sensitive data once SSL is terminated.

CAPEC-593: Session Hijacking

This type of attack involves an adversary that exploits weaknesses in an application's use of sessions in performing authentication. The adversary is able to steal or manipulate an active session and use it to gain unathorized access to the application.

CAPEC-633: Token Impersonation

An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a process/thread to that that impersonated token. This action causes a downstream user to make a decision or take action that is based on the assumed identity, and not the response that blocks the adversary.

CAPEC-650: Upload a Web Shell to a Web Server

By exploiting insufficient permissions, it is possible to upload a web shell to a web server in such a way that it can be executed remotely. This shell can have various capabilities, thereby acting as a "gateway" to the underlying web server. The shell might execute at the higher permission level of the web server, providing the ability the execute malicious code at elevated levels.

CAPEC-94: Adversary in the Middle (AiTM)

An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components.