Meta · Severity: Medium · Draft

CAPEC-115: Authentication Bypass

Abstraction: Meta
Status: Draft
Severity: Medium

Description

An attacker gains access to an application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place. Metadata: meta CAPEC pattern, status draft, severity medium. Underlying weakness: CWE-287. Mapped ATT&CK technique: T1548.

Related weaknesses · 1

CWE-287

MITRE ATT&CK crosswalk · 1

T1548: Abuse Elevation Control Mechanism

Exploits · 1

| Type | Target | Confidence | Tier |
|------|--------|------------|------|
| Weakness | Improper Authentication (cwe-287) | 100% | live |

Related to · 1

| Type | Target | Confidence | Tier |
|------|--------|------------|------|
| Technique | Abuse Elevation Control Mechanism (t1548) | 100% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Authentication Abuse
CAPEC: Privilege Abuse
CAPEC: Functionality Bypass
CAPEC: Privilege Escalation
CAPEC: Exploiting Incorrectly Configured Access Control Security Levels
CAPEC: Exploit Non-Production Interfaces

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.