
CAPEC-114: Authentication Abuse

Abstraction: Meta
Status: Draft
Severity: Medium

Description

An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack, the authentication mechanism is functioning, but a carefully controlled sequence of events causes the mechanism to grant access to the attacker.

Related weaknesses (2)

CWE-287, CWE-1244

MITRE ATT&CK crosswalk (1)

T1548: Abuse Elevation Control Mechanism

Exploits (2)

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Improper Authentication (cwe-287) | 100% | live |
| Weakness | Internal Asset Exposed to Unsafe Debug Access Level or State (cwe-1244) | 100% | live |

Related to (1)

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Technique | Abuse Elevation Control Mechanism (t1548) | 100% | live |

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Authentication Bypass
CAPEC: Privilege Abuse
CAPEC: Session Credential Falsification through Manipulation
CAPEC: Session Credential Falsification through Forging
CAPEC: Functionality Misuse
CAPEC: Exploiting Incorrectly Configured Access Control Security Levels

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.