Threat Event
An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place.
|
|
| ID | CAPEC-115 |
| Latest Sync Date | 11/05/25 15:15:38 |
| Original ID | 115 |
| Abstraction | Meta |
| Status | Draft |
| Alternate Terms | |
| Likelihood Of Attack | |
| Typical Severity | Medium |
| Related Attack Patterns | |
| Execution Flow | |
| Prerequisites | ::An authentication mechanism or subsystem implementing some form of authentication such as passwords, digest authentication, security certificates, etc.:: |
| Skills Required | |
| Resources Required | ::A client application, such as a web browser, or a scripting language capable of interacting with the target.:: |
| Indicators | |
| Consequences | |
| Mitigations | |
| Example Instances | |
| Related Weaknesses | ::287:: |
| Taxonomy Mappings | TAXONOMY NAME:ATTACK:ENTRY ID:1548:ENTRY NAME:Abuse Elevation Control Mechanism:: |
| Notes | |