CWE-287
DiscouragedImproper Authentication
Abstraction: Class · Status: Draft
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
5947 vulnerabilities reference this CWE, most recent first.
GHSA-9593-96FP-8W9M
Vulnerability from github – Published: 2022-05-17 05:48 – Updated: 2022-05-17 05:48The authenticate function in LDAPUserFolder/LDAPUserFolder.py in zope-ldapuserfolder 2.9-1 does not verify the password for the emergency account, which allows remote attackers to gain privileges.
{
"affected": [],
"aliases": [
"CVE-2010-2944"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-08-20T20:00:00Z",
"severity": "HIGH"
},
"details": "The authenticate function in LDAPUserFolder/LDAPUserFolder.py in zope-ldapuserfolder 2.9-1 does not verify the password for the emergency account, which allows remote attackers to gain privileges.",
"id": "GHSA-9593-96fp-8w9m",
"modified": "2022-05-17T05:48:55Z",
"published": "2022-05-17T05:48:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2944"
},
{
"type": "WEB",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=593466"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/41022"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2010/08/18/3"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2010/08/19/7"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-95C8-G3XM-FFH5
Vulnerability from github – Published: 2022-05-13 01:09 – Updated: 2022-05-13 01:09An unauthenticated root login may allow upon reboot when a commit script is used. A commit script allows a device administrator to execute certain instructions during commit, which is configured under the [system scripts commit] stanza. Certain commit scripts that work without a problem during normal commit may cause unexpected behavior upon reboot which can leave the system in a state where root CLI login is allowed without a password due to the system reverting to a "safe mode" authentication state. Lastly, only logging in physically to the console port as root, with no password, will work. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71 on SRX; 12.3X48 versions prior to 12.3X48-D55 on SRX; 14.1 versions prior to 14.1R9; 14.1X53 versions prior to 14.1X53-D40 on QFX, EX; 14.2 versions prior to 14.2R7-S9, 14.2R8; 15.1 versions prior to 15.1F5-S7, 15.1F6-S8, 15.1R5-S6, 15.1R6; 15.1X49 versions prior to 15.1X49-D110 on SRX; 15.1X53 versions prior to 15.1X53-D232 on QFX5200/5110; 15.1X53 versions prior to 15.1X53-D49, 15.1X53-D470 on NFX; 15.1X53 versions prior to 15.1X53-D65 on QFX10K; 16.1 versions prior to 16.1R2. No other Juniper Networks products or platforms are affected by this issue.
{
"affected": [],
"aliases": [
"CVE-2018-0008"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-01-10T22:29:00Z",
"severity": "HIGH"
},
"details": "An unauthenticated root login may allow upon reboot when a commit script is used. A commit script allows a device administrator to execute certain instructions during commit, which is configured under the [system scripts commit] stanza. Certain commit scripts that work without a problem during normal commit may cause unexpected behavior upon reboot which can leave the system in a state where root CLI login is allowed without a password due to the system reverting to a \"safe mode\" authentication state. Lastly, only logging in physically to the console port as root, with no password, will work. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71 on SRX; 12.3X48 versions prior to 12.3X48-D55 on SRX; 14.1 versions prior to 14.1R9; 14.1X53 versions prior to 14.1X53-D40 on QFX, EX; 14.2 versions prior to 14.2R7-S9, 14.2R8; 15.1 versions prior to 15.1F5-S7, 15.1F6-S8, 15.1R5-S6, 15.1R6; 15.1X49 versions prior to 15.1X49-D110 on SRX; 15.1X53 versions prior to 15.1X53-D232 on QFX5200/5110; 15.1X53 versions prior to 15.1X53-D49, 15.1X53-D470 on NFX; 15.1X53 versions prior to 15.1X53-D65 on QFX10K; 16.1 versions prior to 16.1R2. No other Juniper Networks products or platforms are affected by this issue.",
"id": "GHSA-95c8-g3xm-ffh5",
"modified": "2022-05-13T01:09:21Z",
"published": "2022-05-13T01:09:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0008"
},
{
"type": "WEB",
"url": "https://kb.juniper.net/JSA10835"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1040186"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-95F7-RC94-RQJ7
Vulnerability from github – Published: 2022-05-17 02:28 – Updated: 2025-04-20 03:40Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to bypass Extended Protection for Authentication when Kerberos fails to prevent tampering with the SNAME field during ticket exchange, aka "Kerberos SNAME Security Feature Bypass Vulnerability" or Orpheus' Lyre.
{
"affected": [],
"aliases": [
"CVE-2017-8495"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-07-11T21:29:00Z",
"severity": "HIGH"
},
"details": "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to bypass Extended Protection for Authentication when Kerberos fails to prevent tampering with the SNAME field during ticket exchange, aka \"Kerberos SNAME Security Feature Bypass Vulnerability\" or Orpheus\u0027 Lyre.",
"id": "GHSA-95f7-rc94-rqj7",
"modified": "2025-04-20T03:40:32Z",
"published": "2022-05-17T02:28:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8495"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8495"
},
{
"type": "WEB",
"url": "https://www.orpheus-lyre.info"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/99424"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1038862"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-95H9-XMGG-5F3R
Vulnerability from github – Published: 2022-07-26 00:00 – Updated: 2022-08-04 00:00An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the key information of the device via accessing fctest.shtml.
{
"affected": [],
"aliases": [
"CVE-2022-34575"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-25T22:15:00Z",
"severity": "MODERATE"
},
"details": "An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the key information of the device via accessing fctest.shtml.",
"id": "GHSA-95h9-xmgg-5f3r",
"modified": "2022-08-04T00:00:22Z",
"published": "2022-07-26T00:00:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34575"
},
{
"type": "WEB",
"url": "https://github.com/pghuanghui/CVE_Request/blob/main/WiFi-Repeater/WiFi-Repeater_fctest.assets/WiFi-Repeater_fctest.md"
},
{
"type": "WEB",
"url": "https://www.wavlink.com/en_us/category/REPEATER.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-95JQ-RWVF-VJX4
Vulnerability from github – Published: 2026-04-09 21:31 – Updated: 2026-05-20 22:09CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat Native: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39, from 1.3.0 through 1.3.6, from 2.0.0 through 2.0.13.
Users are recommended to upgrade to version Tomcat Native 1.3.7 or 2.0.14 and Tomcat 11.0.20, 10.1.53 and 9.0.116, which fix the issue.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-coyote-ffm"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.83"
},
{
"fixed": "9.0.116"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-coyote-ffm"
},
"ranges": [
{
"events": [
{
"introduced": "10.1.0-M7"
},
{
"fixed": "10.1.53"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-coyote-ffm"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0-M1"
},
{
"fixed": "11.0.20"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.83"
},
{
"fixed": "9.0.116"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "10.1.0-M7"
},
{
"fixed": "10.1.53"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0-M1"
},
{
"fixed": "11.0.20"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-29145"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-10T22:07:25Z",
"nvd_published_at": "2026-04-09T20:16:24Z",
"severity": "CRITICAL"
},
"details": "CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat Native: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39, from 1.3.0 through 1.3.6, from 2.0.0 through 2.0.13.\n\nUsers are recommended to upgrade to version Tomcat Native 1.3.7 or 2.0.14 and Tomcat 11.0.20, 10.1.53 and 9.0.116, which fix the issue.",
"id": "GHSA-95jq-rwvf-vjx4",
"modified": "2026-05-20T22:09:00Z",
"published": "2026-04-09T21:31:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29145"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/721591f7bff424c693f26adc18ae9b9abac3655b"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/d1406df5ae0326f39f54c3f64ac30d8fca55cd5b"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/fe26667cd2385045ac73f4dea086cc9971209b90"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/tomcat"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/yz5fxmhd2j43wgqykssdo7kltws57jfz"
},
{
"type": "WEB",
"url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53"
},
{
"type": "WEB",
"url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20"
},
{
"type": "WEB",
"url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/04/09/23"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Apache Tomcat: CLIENT_CERT authentication does not fail as expected"
}
GHSA-95JR-2G3P-6M72
Vulnerability from github – Published: 2022-01-14 00:00 – Updated: 2022-01-23 00:00This vulnerability allows remote attackers to bypass authentication on affected installations of Commvault CommCell 11.22.22. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CVSearchService service. The issue results from the lack of proper validation prior to authentication. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-13706.
{
"affected": [],
"aliases": [
"CVE-2021-34993"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-13T22:15:00Z",
"severity": "CRITICAL"
},
"details": "This vulnerability allows remote attackers to bypass authentication on affected installations of Commvault CommCell 11.22.22. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CVSearchService service. The issue results from the lack of proper validation prior to authentication. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-13706.",
"id": "GHSA-95jr-2g3p-6m72",
"modified": "2022-01-23T00:00:36Z",
"published": "2022-01-14T00:00:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34993"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1328"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-95M6-MJH3-58GM
Vulnerability from github – Published: 2018-10-18 16:48 – Updated: 2022-09-17 00:55It was found that the keycloak before 2.3.0 did not implement authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from which he could hijack the user's session. This could lead to information disclosure, or permit further possible attacks.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.keycloak:keycloak-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2016-8609"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-384"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:27:42Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "It was found that the keycloak before 2.3.0 did not implement authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from which he could hijack the user\u0027s session. This could lead to information disclosure, or permit further possible attacks.",
"id": "GHSA-95m6-mjh3-58gm",
"modified": "2022-09-17T00:55:51Z",
"published": "2018-10-18T16:48:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8609"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-95m6-mjh3-58gm"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Improper Authentication in org.keycloak:keycloak-core"
}
GHSA-95PM-6WJG-58QW
Vulnerability from github – Published: 2022-06-16 00:00 – Updated: 2022-06-25 00:00A vulnerability has been found in AXIS P1204, P3225, P3367, M3045, M3005 and M3007 and classified as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. It is recommended to upgrade the affected component.
{
"affected": [],
"aliases": [
"CVE-2017-20050"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-15T18:15:00Z",
"severity": "CRITICAL"
},
"details": "A vulnerability has been found in AXIS P1204, P3225, P3367, M3045, M3005 and M3007 and classified as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. It is recommended to upgrade the affected component.",
"id": "GHSA-95pm-6wjg-58qw",
"modified": "2022-06-25T00:00:52Z",
"published": "2022-06-16T00:00:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-20050"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.98914"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2017/Mar/41"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-95VP-23XG-JV7P
Vulnerability from github – Published: 2023-10-13 00:30 – Updated: 2024-04-04 08:36An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV does not require authentication and allows an unauthenticated user to export a report and access the results.
{
"affected": [],
"aliases": [
"CVE-2023-41261"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-12T23:15:11Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV does not require authentication and allows an unauthenticated user to export a report and access the results.",
"id": "GHSA-95vp-23xg-jv7p",
"modified": "2024-04-04T08:36:32Z",
"published": "2023-10-13T00:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41261"
},
{
"type": "WEB",
"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0001.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-95WH-V6QF-2WCW
Vulnerability from github – Published: 2022-05-17 01:19 – Updated: 2025-04-12 13:02Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream.
{
"affected": [],
"aliases": [
"CVE-2016-5133"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-07-23T19:59:00Z",
"severity": "MODERATE"
},
"details": "Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream.",
"id": "GHSA-95wh-v6qf-2wcw",
"modified": "2025-04-12T13:02:53Z",
"published": "2022-05-17T01:19:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5133"
},
{
"type": "WEB",
"url": "https://codereview.chromium.org/2067933002"
},
{
"type": "WEB",
"url": "https://crbug.com/613626"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"type": "WEB",
"url": "http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1485.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3637"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/92053"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1036428"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-3041-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Libraries or Frameworks
Use an authentication framework or library such as the OWASP ESAPI Authentication feature.
CAPEC-114: Authentication Abuse
An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker.
CAPEC-115: Authentication Bypass
An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place.
CAPEC-151: Identity Spoofing
Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principle or use stolen / spoofed authentication credentials.
CAPEC-194: Fake the Source of Data
An adversary takes advantage of improper authentication to provide data or services under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or to assume the rights granted to another individual. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. The root of the attack (in this case the email system) fails to properly authenticate the source and this results in the reader incorrectly performing the instructed action. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.
CAPEC-22: Exploiting Trust in Client
An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
CAPEC-57: Utilizing REST's Trust in the System Resource to Obtain Sensitive Data
This attack utilizes a REST(REpresentational State Transfer)-style applications' trust in the system resources and environment to obtain sensitive data once SSL is terminated.
CAPEC-593: Session Hijacking
This type of attack involves an adversary that exploits weaknesses in an application's use of sessions in performing authentication. The adversary is able to steal or manipulate an active session and use it to gain unathorized access to the application.
CAPEC-633: Token Impersonation
An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a process/thread to that that impersonated token. This action causes a downstream user to make a decision or take action that is based on the assumed identity, and not the response that blocks the adversary.
CAPEC-650: Upload a Web Shell to a Web Server
By exploiting insufficient permissions, it is possible to upload a web shell to a web server in such a way that it can be executed remotely. This shell can have various capabilities, thereby acting as a "gateway" to the underlying web server. The shell might execute at the higher permission level of the web server, providing the ability the execute malicious code at elevated levels.
CAPEC-94: Adversary in the Middle (AiTM)
An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components.