An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack, an authentication mechanism is functioning, but a carefully controlled sequence of events causes the mechanism to grant access to the attacker.
| ID | CAPEC-114 |
| Latest Sync Date | 11/05/25 15:15:38 |
| Original ID | 114 |
| Abstraction | Meta |
| Status | Draft |
| Alternate Terms | |
| Likelihood Of Attack | |
| Typical Severity | Medium |
| Related Attack Patterns | |
| Execution Flow | |
| Prerequisites | An authentication mechanism or subsystem implementing some form of authentication such as passwords, digest authentication, security certificates, etc. which is flawed in some way. |
| Skills Required | |
| Resources Required | A client application, command-line access to a binary, or scripting language capable of interacting with the authentication mechanism. |
| Indicators | |
| Consequences | |
| Mitigations | |
| Example Instances | |
| Related Weaknesses | CWE-287, CWE-1244 |
| Taxonomy Mappings | Taxonomy name: ATTACK; Entry ID: 1548; Entry name: Abuse Elevation Control Mechanism |
| Notes | |